Shibboleth Developers

["Scott Cantor" <>]

> Invoking the handler with a specific IdP providerId URL query parameter 
> only seems to work for me if that providerId lives in new 1.3-style 
> metadata.  If it lives in a 1.2-style sites file metadata, it doesn't 
> find it, even though the IdP's in that metadata work fine otherwise (if 
> you go to their WAYF, etc).  The web output and log error includes:
> 
> Session Initiator Error: Session initiator unable to locate a 
> Shibboleth-aware identity provider role for provider
> 
> In looking at the code in shib-handlers.cpp around line 204, this would 
> appear to be expected, since it only looks for an IDPSSODescriptor?    
> Is this a bug or a feature?  :-)

Bug. I forgot to include Shib protocol indication in the fake descriptor the
old metadata is turned into.

> Ah! The reason I couldn't find this and was confused about  what it was 
> all about is that the shibboleth.xml comments reference
"requestSessionWith",
> but the code and XML schema use "requireSessionWith".    So my searching
for
> the former was futile.  I just happened to notice the latter, now it all
makes
> sense. So there's a bonafide documentation bug report for ya.

Right, fixed.

I reworked the text a bit, but it isn't something that will document itself
in a comment at this point.

Thx,
-- Scott