Shibboleth Developers

["Scott Cantor" <>]

> For the purposes of AuthN Proxying, will the versioning  compatibility  
> be the same as standard Shibboleth? (Shib 2.0 will work with 1.3, but  
> no lower, if I remember correctly).  Obviously the proxying IdP would  
> need to talk SAML 2, but what about the authenticating IdP?

I can't answer that, really, since we haven't put proxying on the roadmap
list yet.

But I suspect that anything can be treated as "proxying". It's more a
question of how the IdP interprets the AuthnRequest and whether it inserts
an AuthenticatingAuthority into the AuthnStatement. In theory, that could be
configurable outside of the specifics of how the authentication got done. It
becomes a policy/deployment question as to what constitutes a separate IdP.

Passport, yes, local CAS, no. Something like that. Each handler gets to
decide.

-- Scott