Shibboleth Developers

["Scott Cantor" <>]

> To use mapping type CryptoHandleGenerator (an alias for
> edu.internet2.middleware.shibboleth.hs.provider.CryptoShibHandle),
> presumably the Format attribute of the NameIdentifier element and
> format attribute of the NameMapping element must be set to some other
> value.  What is that value (or what am I missing)?

You're missing the fact that you can't do this now. You can't have multiple
mappings for the same format, and using a different format is wrong. In 2.0,
both would be transient. They are alternate implementations of a given type
of identifier, they're not designed to work simultaneously and I can't see
why I'd want them to.

> I'm not sure I understand.  The AA supports (via NameMapper) three
> mapping types (SharedMemoryShibHandle, CryptoHandleGenerator, and
> Principal), each corresponding to a different implementation of
> NameIdentifierMapping.

And each one works by itself and doesn't work if you try and run them all
together.

> I just made up values for the format and class attributes, but you get
> the idea. ;-)

But we don't *want* people making up formats. Format is a SAML concept. We
made one up because we had to, not because we wanted to. If the subject is a
DN, then there's already a Format for that. Your goal is to write a mapping
plugin for that Format that converts the SAML identifier into whatever the
internal principal name needs to be. And then you install that.

I can only speculate, but I would guess that Walter will make the mapping
configuration endpoint specific, such that if you needed to support
alternate mappings for a given format, you could discriminate them based on
endpoint. In the rare cases where that's even necessary, anyway.

-- Scott