
shibboleth-dev - Re: SAML name identifiers

Subject: Shibboleth Developers


Re: SAML name identifiers


  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: SAML name identifiers
  • Date: Sun, 5 Mar 2006 22:47:44 -0500

On 3/5/06, Scott Cantor wrote:
> > The qualifier attribute is optional.
>
> It's also deprecated for those formats.

Hmm, I missed the phrase "SHOULD be omitted" in SAML2 core.

> > where can I get the authoritative,
> > deployment-wide domain (scope) attribute?
>
> The plugin API would probably have to expose that piece of data so that it
> could be supplied at runtime from the back end, and then you could define a
> default value to use. So it looks about like the smartScope attribute. It
> might be reasonable to extract that into a single setting to avoid the
> duplication. Or one might even be able to use an XML entity to define it
> once and just reuse it in the various XML files and the code wouldn't change
> at all.

Sounds like another Shib 2.0 feature :-) but since I'm working with
Shib 1.3, here's what I'll do:

- I'll make the NameMapping/@qualifier attribute optional. If it's
omitted, I'll use idp.getProviderId() in the plugin, which is what I'm
doing now.

- I'll make the NameMapping/@template and NameMapping/@regex
attributes required.

If you add a default domain (scope) in Shib 2.0, you can relax the
above requirement.

Tom

PS. Let me know if you'd like me to create a bugzilla for the default
domain feature.


