Shibboleth Developers

["Scott Cantor" <>]

> The ability to collapse the majority of SAMLNameIdentifier formats
> into a single class/config option.  The only ones not covered are
> transient and persistent, which are different beasts altogether.

That's a Shibboleth function. It doesn't have anything to do with the SAML
class hook that I can see.

> So are you suggesting that PrincipalNameIdentifierMapping could be
> implemented in Shib 1.3 without using the hooks from OpenSAML 1.1?  I
> don't doubt you, but I don't see how to do it, I'm afraid.

There's nothing important in there that has anything to do with the OpenSAML
classes. Take out the call to checkValidity. Done. Or if you like, implement
it in the mapping plugin if you care about it.

My concern with this is just making sure that we're not losing any of this
capability in 2.0. Which I don't have any reason to think, but that's why I
asked about the connection.

The basic SAML class (old and new version) is perfectly able to handle any
string based format. It just doesn't check the syntax. Which I think is
irrelevant because the regexp here is what constrains the patterns you'll
get anyway, so if it's correct, the syntax will be, and if you were handed
bad data, the reverse mapping would just fail.

-- Scott