Shibboleth Developers

["Scott Cantor" <>]

> I think Shire should have send a SAML Request to HS
> before the Response. However, I can not find the SAML
> Request in shar.log and shire.log.

SAML 1.1 does not define any such message, only the Response to the SP.
Shibboleth invented an "authentication request" message which is defined in
the protocol document posted at the site. This is a browser redirect and
would not be expected to appear in any log at the SP. You're a little
confused about the flows, I think.

> If my thought is correct, which class on the target
> site is responsible for sending the request and which
> class on the origin site is in charge of receiving the
> request? May I read the request by inserting a
> "log.debug(..)" into some class on the target site?

There is a class that generates these so-called AuthnRequest URLs for the
modules when they need to initiate the process. The shibtarget::SHIRE class
has a method for this to encapsulate the work, the thought being that it
will be extended to handle other protocols, such as SAML 2.0 eventually. The
name is likely to change once we commit to getting all these stale terms
removed.

-- Scott