Shibboleth Developers

["Scott Cantor" <>]

> We don't want to create anything new either, but unfortunately, it
> looks like we have to.

I don't see why.

>  We have to be able to configure a Shibboleth
> IdP so that it returns attributes about a subject that it knows
> nothing about.

No existing Shib IdP knows anything about anybody. It's just a front-end,
not a self-contained system. Same as your use case. Doesn't matter whether
you use DNs or handles.

> Will this work in Shib 1.3?

It will work now. I think we're just talking past each other. The thing you
can't do is map the same format URI to multiple plugins at the same time.
But I don't see why that's needed here.

There's an entirely separate issue, which is preventing unauthorized queries
using such a subject, but there's not much we can do about that. That's the
reason for generally encouraging a separate deploy for this use case, but it
has nothing to do with formats.

-- Scott