shibboleth-dev - RE: Shibboleth and WebLogic Server
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Shibboleth and WebLogic Server
- Date: Wed, 30 May 2007 21:01:54 -0400
> Sorry, I believe the Shibboleth SP uses the Issuer attribute of the SAML
> assertion to then obtain details from the metadata about the IdP.
Yes, though there are no rules in SAML for what you do with the Issuer, that
part is an implementation detail.
> WebLogic requires an APID parameter to be passed back to the ACS which
> it then uses to look up details from the configuration (and not any form
> of metadata).
The use of metadata is out of scope of the old standards, but requiring an
additional parameter is explicitly illegal. You can see why pretty easily,
it basically destroys any chance of interop; you might as well not have the
standard.
It's a mistake caused by people misinterpreting "Issuer" as "hostname" and
not having a coherent entity model and naming expectations in the older
specs. So they do nothing with Issuer and try and pass it some other way,
which is fine, but passing it outside the XML is not.
-- Scott
- Shibboleth and WebLogic Server, Brett Lomas, 05/29/2007
- RE: Shibboleth and WebLogic Server, Scott Cantor, 05/30/2007
- RE: Shibboleth and WebLogic Server, Brett Lomas, 05/30/2007
- Re: Shibboleth and WebLogic Server, Tom Scavo, 05/30/2007
- Re: Shibboleth and WebLogic Server, Brett Lomas, 05/30/2007
- RE: Shibboleth and WebLogic Server, Scott Cantor, 05/30/2007
- Re: Shibboleth and WebLogic Server, Brett Lomas, 05/30/2007
- RE: Shibboleth and WebLogic Server, Scott Cantor, 05/30/2007
- RE: Shibboleth and WebLogic Server, Brett Lomas, 05/31/2007
- Re: Shibboleth and WebLogic Server, Tom Scavo, 05/30/2007
- RE: Shibboleth and WebLogic Server, Brett Lomas, 05/30/2007
- RE: Shibboleth and WebLogic Server, Scott Cantor, 05/30/2007
Archive powered by MHonArc 2.6.16.