Shibboleth Developers

[Olivier Salaun - CRU <>]

Closing this thread...

Scott Cantor wrote :

1.	(target) The path to shibboleth.ini is hardcoded in 
siterefresh.cpp (#define DEFAULT_SCHEMA_DIR 
"/opt/shibboleth/etc/shibboleth/") whereas it should be customizeable with configure
    

I'll look at plugging the path in, but that's not what the path is. It's not for the ini file, it's just for the schema folder, and it's already a command line option to set this. I just wanted to insure there was a default.
  

I thought this variable must be used to look for the shibboleth.ini file because my siterefresh binary is complaining it cannot find /opt/shibboleth/etc/shibboleth/shibboleth.ini whereas I compiled my Shib target with a different --prefix. Actually I did not run the siterefresh myself (and therefore cannot provide a command line argument) ; it was run by the SHAR at startup :

1079515135 INFO shibtarget.ShibINI : initializing INI file: /opt/shibboleth/etc/shibboleth/shibboleth.ini (sensitive=true)
1079515135 ERROR shibtarget.ShibINI refresh: stat failed: /opt/shibboleth/etc/shibboleth/shibboleth.ini
1079515135 INFO shibtarget.ShibINI refresh: reading /opt/shibboleth/etc/shibboleth/shibboleth.ini
1079515135 WARN shibtarget.ShibINI refresh: cannot open file: /opt/shibboleth/etc/shibboleth/shibboleth.ini
...

2.	(origin) When user is redirected from the SHIRE to the 
WAYF, the Target's URL is altered (port number is lost). 
    

Under what conditions? I've tested with other ports and it's worked. It may remove a default port, but that would be it.
  

I've sumitted a bug in bugzilla for this...

5.	(target) If the SHAR died suddenly, the /tmp/shar-socket prevent another SHAR instance to be started
    

Start it with -f (believe this is documented).
  

Ok

6.	I think the documentation is missing a chapter dedicated to X509 certificates...
    

Or a book? I would definitely not want our docs to include this, which doesn't mean we won't have some other supporting material.
  

I did not mean general documentation about certificates but a transverse chapter about certificates in Shibboleth. I know there are already chapters 4b, 5c (origin). But I missed some documentation when I started configuring my trust.xml files...

7.	(WAYF) 8bit characters are not accepted in wayfconfig.xml ("Error reading WAYF configuration file." message). This makes the custumizeable strings a bit less 
translateable.
    

Is the wayconfig XML encoding set to UTF-8 or something else?
  

No, i'll try changing this.


BTW: did anybody take some time to test SAML interoperability with other Identity management software ?

-- 
Olivier Salaun
Comite Reseau des Universites