shibboleth-dev - RE: Setting up a shared Shibboleth IdP - can it be done?
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Setting up a shared Shibboleth IdP - can it be done?
- Date: Wed, 19 Oct 2005 11:34:23 -0400
- Organization: The Ohio State University
> What is happening today is that the users already have what we call fully
> qualified FEIDE-names, which consist of their (local) user name, supplied
by
> their home organization, and a FEIDE-realm, which is the part indicating
the
> home organization, in the format of email-adresses:
>
If they already use them, that's one thing. Training them to start is
something else.
> We haven't currently seen that as a potential problem, as the
> FEIDE-realm-part of the FEIDE-name is uniquely mapped to the correct LDAP
> entry points where our login service can find the correct Distinguished
Name
> for the current user, and with it, any attributes the services have
> requested.
That's not my point. The attribute resolver is good, but it's not *that*
good. At best, you'd have a ton of "failover" connectors all wasting time
querying LDAP directories and failing before you got to the right one.
-- Scott
- Setting up a shared Shibboleth IdP - can it be done?, nils . thommesen, 10/19/2005
- RE: Setting up a shared Shibboleth IdP - can it be done?, Scott Cantor, 10/19/2005
- RE: Setting up a shared Shibboleth IdP - can it be done?, Nils Andreas Thommesen, 10/19/2005
- RE: Setting up a shared Shibboleth IdP - can it be done?, Scott Cantor, 10/19/2005
- RE: Setting up a shared Shibboleth IdP - can it be done?, Nils Andreas Thommesen, 10/19/2005
- RE: Setting up a shared Shibboleth IdP - can it be done?, Scott Cantor, 10/19/2005
Archive powered by MHonArc 2.6.16.