Shibboleth Developers

[Tom Scavo <>]

On Thu, 17 Feb 2005 13:10:36 -0500, Scott Cantor 
<>
 wrote:
> > EntityDescriptor/entityId -- the unique name of the entity. So far,
> > we've been using a syntax of urn:mace:[federation name]:[org name]
> 
> That might need to be re-examined. It certainly doesn't apply to SPs. I
> think we need to come up with the right set of questions to ask to generate
> the SP name. Probably by prompting for "a valid DNS name that represents
> your service (NOT a hostname)" and then just doing
> https://<DNSname/shibboleth

Perhaps the providerId should default to

  "https://idp.<shib-domain>/shibboleth"

or

  "https://sp.<shib-domain>/shibboleth"

for consistency.

> > 3) Within the SPSSODescriptor element, people would enter:
> >
> > -- KeyDescriptor (paste  in a self-signed cert?)
> > -- AssertionConsumerService, a url value for the Location attribute
> 
> This needs to be multi-valued.
> 
> > the program would provide default values for:
> >
> > -- SPSSODescriptor/protocolSupportEnumeration attribute
> > -- NameIDFormat
> > -- AssertionConsumerService/ Binding attribute
> 
> I don't think we can assume POST or artifact in the future, they should
> choose (POST/artifact/both).

The locations of the assertion consumer service endpoints might default to

  "<providerId>/SSO/POST"

and

  "<providerId>/SSO/Artifact"

but whatever you choose, please avoid "shire" in the location. 
Similarly, the SSO service might have location

  "<providerId>/SSO"

Again, we avoid "HS" in the location.  The remaining endpoint
locations should default to

  "<providerId>/ArtifactResolution"
  "<providerId>/AA/SOAP"

So if you choose the providerId correctly to begin with, the endpoint
locations fall right into place.

Tom