Shibboleth Developers

[Olivier Salaun - CRU <>]

I thought it could be usefull to send you developers some feedback about the few traps simple shib installers encounter on the way... I almost ended installing Shibboleth origin (including a WAYF) and target packages on a Linux RedHat 9 with apache_1.3.29. Here are my comments :

1. (target) The path to shibboleth.ini is hardcoded in siterefresh.cpp (#define DEFAULT_SCHEMA_DIR "/opt/shibboleth/etc/shibboleth/") whereas it should be customizeable with configure
2. (origin) When user is redirected from the SHIRE to the WAYF, the Target's URL is altered (port number is lost).
   
3. (origin) The removal of non DOM3 endorsed libraries is required but not mentionned in
   chapter 3.b.4 of the "origin deployment guide"
4. (origin) you are distributing twice the same endorsed/dom3-xercesImpl-2.4.0.jar library (same file size) with shibboleth-origin-1.1. Whereas dom3-xml-apis-2.4.0.jar is missing....I spent some time figuring this out !
5. (target) If the SHAR died suddenly, the /tmp/shar-socket prevent another SHAR instance to be started
6. I think the documentation is missing a chapter dedicated to X509 certificates...
7. (WAYF) 8bit characters are not accepted in wayfconfig.xml ("Error reading WAYF configuration file." message). This makes the custumizeable strings a bit less translateable.

I'd really need a patch for (2)...

Hope it will help.

-- 
Olivier Salaun
Comite Reseau des Universites