Shibboleth Developers

[André Cruz <>]

Scott Cantor wrote:
>> So.. When a request arrives:
>>
>> if the uri is *.sso {
>>     doHandler();
>> } else {
>>     doCheckAuthN();
>>     doExportAssertions();
>>     doCheckAuthZ();
>> }
>>
>>     
I just noticed that calling doCheckAuthN(true) will call doHandler() if
it is needed. This way can we avoid having to call doHandler() ourselves
assuming that every request passes through here? Lighttpd does not have
authentication specific hooks...

Can the flow be just:

    doCheckAuthN(true);
    doExportAssertions();
    doCheckAuthZ();

?

Also, I have a suggestion regarding the ShibTarget API. Lighttpd is an
event-driven/single-thread www server. Which means that when I call the
doXXXX() functions of ShibTarget and they block waiting to read from the
fd that is being used to communicate with the shibd daemon, the whole
server is waiting.

Lighttpd has a mechanism of notification of activity on fds so I can
register a function that will be called when there is activity on a fd
and this way the server can continue the processing while we wait. I
think the ShibTarget API could support this bahaviour by having
additional doXXXX() methods that don't block but instead return a fd to
wait on and a bool to indicate if it has finished or not. If it is not
finished we just wait for data on the fd and call the function again to
continue the processing...

Is this too difficult to implement?
> http://members.internet2.edu/intellectualproperty.html#appendix_c
>
>
>   
Can I do this electronically? Print, sign, scan and send it to somewhere?

Thanks,
André

Attachment: signature.asc
Description: OpenPGP digital signature