Shibboleth Developers

["Scott Cantor" <>]

> What about the session/attribute cache? Will it be maintained on the
> server process' memory space?

Yes, assuming you're using the in-memory cache plugins and not something
else.

I don't think that the in-memory listener will "just work" in 1.3 as there
are probably some issues getting things configured properly, but it's closer
to working code than any of the alternatives.

You would also need to make sure that all the various subsystems were
enabled in the ShibTargetConfig feature list, like Trust, the caches, etc.
Ordinarily only shibd enables them.

> IE does not give any popup warning be it GET or POST.

That depends on the settings. I know for a fact that it will warn on either
one if it's told to, I just tested that.

> Firefox does on POST.

Sorry, but it warns on GET too. I just verified that also. ;-)

> I had a look at zxid some time ago but found it still in early stages of
> development... I'm going to try and do some load tests to my module
> while minimizing the callbacks needed for shibboleth (maybe I can
> convince some applications to support https).

Like I said, you're not any better off with Artifact. Same warning.

-- Scott