shibboleth-dev - RE: more questions, self service app to maintain Club Shib metadata

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>, <>
  • Subject: RE: more questions, self service app to maintain Club Shib metadata
  • Date: Thu, 17 Feb 2005 12:26:50 -0500
  • Organization: The Ohio State University

> this continues to move forward. As previously mentioned, it will be
> using the SAML v2 metadata format to describe federation members.
> Shib v1.3 will support this metadata format (and we think there will
> be a plugin available for v1.2 to allow it to use this format).

Not unless somebody else writes it at this point, I figured on using XSLT to
spin the old format from the new one. I could write the code, but I don't
have time to package up a new plugin for people to use given the small
number of people that would actually update to it.

> -- can we reuse one of the SAML data elements as the userid? the
> entityID? or just have people create something that looks more like a
> userid?

Seems like reusing the provider ID is the most sensible, that or the contact
email address.

> -- how to do authn? The app runs within Tomcat, and it makes a lot of
> sense to leverage Tomcat's authentication functionality, if at all
> possible. Use Tomcat form authn, and have it use a local file with
> userids and passwords?

Sure, but there's no support for actually adding users programmatically. If
you need a database anyway (and I think the app does), I'd just use that.

> -- the app is currently using paths like this --
> InSecure-Proto/newEdit.do -- to enter the various functions. Could
> Tomcat authn be associated with some functions (eg newEdit), but not
> others (eg Register)?

Yes.

> -- how do we want to handle the trust fabric? just include
> self-signed certs right in the metadata entry?

Yes, that or the actual keys.

> -- how much help text (describing the various metadata elements) do
> we want to provide? About the same amount we currently provide on the
> IQ register pages? more, less?

Please don't embed more documentation outside of the wiki. Create topics for
whatever you want to document and link to that.

> -- do we want to add any graphic or logo elements to the pages?

Photoshop in a robber mask on the pig?

-- Scott
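
The per-function Tomcat authentication discussed in this message, sketched as a deployment descriptor fragment. This is an added example, not part of the original message or the application's own configuration; the role name, the login page paths and the exact `/newEdit.do` and `/Register.do` URL patterns are assumptions based on the paths mentioned above.

```xml
<!-- WEB-INF/web.xml fragment (added illustration; role name and page
     paths are hypothetical) -->

<!-- Protected function: only the edit action requires a login. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Metadata editing</web-resource-name>
    <url-pattern>/newEdit.do</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then covers
         every HTTP method. Listing only GET and POST would leave the
         other methods unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- hypothetical role name -->
    <role-name>metadata-editor</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require TLS for this URL so the form credentials are not sent
         in the clear. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- /Register.do (assumed path) matches no security-constraint, so the
     container serves it without authentication. -->

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- hypothetical page names -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>metadata-editor</role-name>
</security-role>
```

Where the userids and passwords live (a local file or a database) is decided by the Realm configured in Tomcat for the application, not by this descriptor.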



