
shibboleth-dev - Re: SAML name identifiers

Subject: Shibboleth Developers

  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: SAML name identifiers
  • Date: Mon, 6 Mar 2006 14:50:56 -0500

On 3/6/06, Scott Cantor wrote:
> >
> > 1. Add a default domain to the IdP config
> > 2. Modify the protocol handler to accept domain override from
> > the deployment
> > 3. Add placeholder %DOMAIN% in addition to %PRINCIPAL%
>
> I don't think any of us intend to enhance 1.3 to do this, if that's what you
> had in mind.

I might be foolish, but not that foolish :-) I'm throwing this out
for consideration in 2.0 (even though we won't be able to take
advantage of it right away).

I don't intend to add this as a 1.3 extension either. GridShib
doesn't modify the existing Shib 1.3 codebase, it only adds to it. So
what I can do for my users is offer a single implementation of
NameIdentifierMapping that supports all four SAML 1.1 name identifier
formats. (This is done except for the unit test. Again, thanks for
the suggestion.)

> I think the domain default thing is probably something we would want to do
> for 2.0 to reduce duplication of settings, though.

I dearly wish I had this in 1.3. I need it for the GridShib IdP
metadata generator we have in mind.

> But 2.0 could include other changes to APIs and design that render this
> proposal merely an input proposal, not a final solution.

I realize that, no problem.

Tom


