Shibboleth Developers

[Scott Cantor <>]

I've made some changes to the default config files for the origin and target
to try and approximate what everyone seems to want, a "default" localhost
configuration. I'm not sure how well it work yet, but I issued the in-cvs
key/cert for both halves with CN=localhost and made up some default
providerId values for origin and target.

I'm thinking one could install the origin on an Apache using this key/cert,
put a target in it, and the various https://localhost/shibboleth/ URLs would
"just work". Obviously if you aren't using localhost, you'd have to do more
work, but mostly just change URLs.

To do InQueue, you have to take extra steps to get the latest metadata,
change your config options, get a key signed by a CA, etc.

InCommon would be roughly the same thing, just with less margin for error.

I'm thinking that also we may need to tell the InCommon guys to do some
checking of the key in the CSRs and make sure it doesn't match the default
key (or keys) that we have floating around.

-- Scott