Shibboleth Developers

["Scott Cantor" <>]

> support". What parts of AuthNContext will be supported exactly and to
> what extent? For example, will it be possible to define own AuthN
> contexts and maybe even classes?

You need to completely divorce the machinery from the meaning. The machinery
will be supported in some sense, but there is no connection between the
deployer's mapping of contexts and context comparisons to the actual
technology being used to authenticate. It's up to the deployer to understand
what a context means and which authentication mechs would be deployed with
it.

> How will that work exactly when an SP accepts/requires a large list of
> authN contexts and each of them is identified by a pretty long URN?
> Won't that be a problem when stuffing this in another GET argument?

There are lots of things that break the Redirect binding. That's why POST
should be the default. Redirect isn't really all that useful except for
minimal requests.

> PS: Btw. @Scott or whoever maintains the Shib Wiki. SWITCH staff cannot
> login to the Shib Wiki anymore for quite some time because our
> certificate changed.

Hmm, for some reason the SWITCH metadata isn't in my siterefresh script, I'm
sure it's out of date. No idea why not. I'll hunt down the link and the
signing key and get it updating.

-- Scott