Shibboleth Developers

[André Cruz <>]

Scott Cantor wrote:
> Most of the shibd server is in the MemoryListener class. The RPCListener on
> the server side just calls the MemoryListener methods to service the calls
> from the client. If you plugin the MemoryListener into shibboleth.xml in
> place of the RPCListener, then in theory there's no RPCs anymore, it's all
> inline.
>
>   
What about the session/attribute cache? Will it be maintained on the
server process' memory space?
> But artifact should give you the same warning. I don't think it cares
> whether it's GET or POST, does it? It shouldn't. If anything a redirect from
> https to http should be more suspicious.
>
>   
IE does not give any popup warning be it GET or POST. Firefox does on POST.
> Anyway, if you can't eliminate the callbacks, the amount of change here
> effectively kills any point in trying to reuse libshib-target at all. I'd
> use zxid or reimplement your own.
>
>   
I had a look at zxid some time ago but found it still in early stages of
development... I'm going to try and do some load tests to my module
while minimizing the callbacks needed for shibboleth (maybe I can
convince some applications to support https).

André

Attachment: signature.asc
Description: OpenPGP digital signature