Shibboleth Developers

[Ian Young <>]

Scott Cantor wrote:

> > If you wanted to try the your-IdP/my-SP combination, an IdP in InQueue 
> > could be tweaked to issue signed assertions to my SP:
>
> I think it worked. You can try with Example State if you like.

I don't think the assertion got signed.  I attach what I think is your 
one.  I went through Example State myself and got something very similar 
(again unsigned).

> > urn:mace:ac.uk:sdss.ac.uk:provider:service:target.iay.org.uk
>
> This definitely wins "worst URN ever".

One of my many youthful mistakes.  But if you think that is "worst ever" 
you obviously haven't looked at our medical entitlement URNs.

Just as well they are just strings, eh? ;-)

        -- Ian

2006-02-21 19:57:18 DEBUG SAML.libcurl [29] sessionGet: <soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soap:Body><Response 
xmlns="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
InResponseTo="_c8c032b7bae5e555782d2b29b6b05ec5" 
IssueInstant="2006-02-21T19:57:17.997Z" MajorVersion="1" 
MinorVersion="1" 
ResponseID="_4ddfa48e93e59d49ef88f20a9afe5eee"><Status><StatusCode 
Value="samlp:Success"></StatusCode></Status><Assertion 
xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
AssertionID="_6d7563637bc83017132e2ad267cdffeb" 
IssueInstant="2006-02-21T19:57:17.997Z" 
Issuer="urn:mace:inqueue:example.edu" MajorVersion="1" 
MinorVersion="1"><Conditions NotBefore="2006-02-21T19:57:17.997Z" 
NotOnOrAfter="2006-02-21T20:27:17.997Z"><AudienceRestrictionCondition><Audience>urn:mace:ac.uk:sdss.ac.uk:provider:service:target.iay.org.uk</Audience><Audience>urn:mace:inqueue</Audience></AudienceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifier 
Format="urn:mace:shibboleth:1.0:nameIdentifier" 
NameQualifier="urn:mace:inqueue:example.edu">_502e6d09252174596c7418589da3f8af</NameIdentifier></Subject><Attribute 
xmlns:typens="urn:mace:shibboleth:1.0" 
AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" 
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><AttributeValue 
xsi:type="typens:AttributeValueType">urn:mace:example.edu:exampleEntitlement</AttributeValue><AttributeValue 
xsi:type="typens:AttributeValueType">urn:mace:incommon:entitlement:common:1</AttributeValue></Attribute><Attribute 
xmlns:typens="urn:mace:shibboleth:1.0" 
AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" 
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><AttributeValue 
Scope="example.edu" 
xsi:type="typens:AttributeValueType">member</AttributeValue></Attribute><Attribute 
xmlns:typens="urn:mace:shibboleth:1.0" 
AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName" 
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><AttributeValue 
Scope="example.edu" 
xsi:type="typens:AttributeValueType">demo</AttributeValue></Attribute></AttributeStatement></Assertion></Response></soap:Body></soap:Envelope>
2006-02-21 19:57:18 DEBUG SAML.libcurl [29] sessionGet: Closing 
connection #0