Shibboleth Developers

[Will Norris <>]

In doing some of these unit tests for the 1.3 IdP, I ran across a  
distinct difference in how the AA handles Shib 1.1 attribute  
requests.  A 1.3 AA seems to be sending some additional XML  
attributes in its response that weren't present before, and I'm  
wondering if a 1.1 SP will safely ignore them or refuse to parse the  
response.  A quick example:


In Shib 1.2, a response to a 1.1 attribute request might contain...

    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"  
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"  
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  
InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6">


In Shib 1.3, this same 1.1 attribute request would receive a response  
with...

     <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"  
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"  
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  
InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6"  
IssueInstant="2005-08-29T14:22:57.644Z" MajorVersion="1"  
MinorVersion="1" ResponseID="_3770591ca7cd3d629e838d9a91d19761">


I was going to setup a Shib 1.1 SP to test it, but decided it might  
be a bit easier to ask the list if someone had already tested this or  
knew if it would work.


Thanks,
Will Norris

--
Will Norris
Information Technology
The University of Memphis