Shibboleth Developers

["Scott Cantor" <>]

> of "Unknown Service Provider".  Does this seem like a logical method  
> to use for this type of functionality?

That's the obvious way to do it today. 2.0 has a redesigned configuration
that separates unauthenticated from default behavior, so it has to be
explicitly enabled.

> I only modified the SSO Handler for now since that was our primary  
> concern... the delivery of an AuthnAssertion.  I think if we go  
> forward with this, we'll want to modify the other Handlers as well,  
> just to cover all our bases.

It's not all that needed for queries, there's already the option to just use
an empty default ARP.

> Actually, now that I think about it, it  
> might make more sense to just make new ProtocolHandler  
> implementations instead of patching the existing ones, though you'd  
> still need a patch for the configuration attribute. *shrug*

Yes, I've noted the inability to extend the configuration to Walter.

-- Scott