
shibboleth-dev - RE: WAYF talks (was WAYF cookie considered dubious)

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: "'Olivier Salaün - CRU'" <>
  • Cc: <>
  • Subject: RE: WAYF talks (was WAYF cookie considered dubious)
  • Date: Tue, 19 Apr 2005 13:10:42 -0400
  • Organization: The Ohio State University

> these situations, the national WAYF is indeed not adapted at all because
> it lists too many sites. On the other hand these institutions don't
> really want to build a regional federation; they just need a regional
> WAYF or a local WAYF built in with the SP.

Exactly, the latter especially. That's my point. Proliferating WAYFs is why
ultimately the SP has to deal with this.

> Are there any such development plans for 1.3 or 2.0?

The 1.3 SP has some new options to define "session initiators". These are
endpoints or plugins that handle the creation of authentication requests.
But there is still no WAYF built in. This is considerably complicated to add
in C++; it's literally a mini-webapp sitting inside the code. The Java SP
can probably add this at some point more easily than I can.

There is improved support for SPs that develop a WAYF locally because the
lazy session initiator can be given a providerId and it can use metadata to
construct a supported request. This means SPs don't have to actually
implement any SSO profile messages themselves.

There is also an idpHistory option that will create/update a local _saml_idp
cookie any time a session is created. A local WAYF sharing the domain could
read the cookie and use it to preselect or automate the selection process.

-- Scott
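
Added example, not part of the original message and not Shibboleth code: a sketch of how a local WAYF could read the `_saml_idp` cookie to preselect an IdP. It assumes the cookie follows the SAML 2.0 IdP Discovery common domain cookie layout (URL-encoded, space-separated base64 entityIDs, most recent last); `KNOWN_IDPS`, the function names and the entityIDs are hypothetical. Because the cookie is client-controlled, a decoded value is used only if it matches an entityID already present in metadata.

```python
import base64
from urllib.parse import quote, unquote

# Constructed sample: entityIDs the local WAYF already trusts via metadata.
KNOWN_IDPS = {
    "https://idp.example.edu/shibboleth": "Example University",
    "https://idp.example.org/shibboleth": "Example Institute",
}


def parse_saml_idp_cookie(raw):
    """Return decoded entityIDs, oldest first; undecodable tokens are dropped."""
    ids = []
    for token in unquote(raw).split():
        try:
            # validate=True rejects characters outside the base64 alphabet.
            ids.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
    return ids


def preselect_idp(raw, known=KNOWN_IDPS, max_len=2048):
    """Most recently used IdP that is also in metadata, else None.

    A None result means the WAYF should show its normal selection list.
    """
    if not raw or len(raw) > max_len:
        return None
    for entity_id in reversed(parse_saml_idp_cookie(raw)):
        if entity_id in known:  # exact match only; never redirect on raw input
            return entity_id
    return None


def encode_history(entity_ids):
    """Build a cookie value in the assumed layout (used for sample input)."""
    tokens = (base64.b64encode(e.encode("utf-8")).decode("ascii")
              for e in entity_ids)
    return quote(" ".join(tokens))


if __name__ == "__main__":
    cookie = encode_history(["https://idp.example.edu/shibboleth",
                             "https://unknown.example.net/idp"])
    print(preselect_idp(cookie))
```
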
