
shibboleth-dev - RE: Shibboleth and WebLogic Server

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: Shibboleth and WebLogic Server
  • Date: Wed, 30 May 2007 21:01:54 -0400

> Sorry, I believe the Shibboleth SP uses the Issuer attribute of the SAML
> assertion to then obtain details from the metadata about the IdP.

Yes, though there are no rules in SAML for what you do with the Issuer, that
part is an implementation detail.

> WebLogic requires an APID parameter to be passed back to the ACS which
> it then uses to look up details from the configuration (and not any form
> of metadata).

The use of metadata is out of scope of the old standards, but requiring an
additional parameter is explicitly illegal. You can see why pretty easily,
it basically destroys any chance of interop; you might as well not have the
standard.

It's a mistake caused by people misinterpreting "Issuer" as "hostname" and
not having a coherent entity model and naming expectations in the older
specs. So they do nothing with Issuer and try and pass it some other way,
which is fine, but passing it outside the XML is not.

-- Scott
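
The lookup discussed in this message, as an added example that is not part of the original post and is not Shibboleth's or WebLogic's code: the receiving side identifies the IdP only from the `Issuer` attribute inside the SAML 1.1 assertion and resolves it against metadata, with no extra request parameter involved. The entityIDs, the sample metadata and the sample response are constructed, the function names are hypothetical, and signature validation of the assertion is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML11 = "urn:oasis:names:tc:SAML:1.1:protocol"

# Constructed metadata: one IdP and one entity that only has an SP role.
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
 <md:EntityDescriptor entityID="https://idp.example.org/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML11}"/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAML11}"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def sample_response(issuer):
    """Constructed, unsigned SAML 1.1 response carrying one assertion."""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
            f'<saml:Assertion MajorVersion="1" MinorVersion="1" '
            f'AssertionID="_constructed" Issuer="{issuer}" '
            f'IssueInstant="2007-05-30T21:01:54Z"/></samlp:Response>')

def load_idps(metadata_xml):
    """Index entityID -> protocols supported in the IdP role."""
    idps = {}
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        role = entity.find(f"{{{MD}}}IDPSSODescriptor")
        if role is not None:
            idps[entity.get("entityID")] = set(
                role.get("protocolSupportEnumeration", "").split())
    return idps

def resolve_issuer(response_xml, idps):
    """Return the issuing IdP's entityID, taken only from the assertion."""
    assertion = ET.fromstring(response_xml).find(f"{{{SAML}}}Assertion")
    if assertion is None:
        raise ValueError("response carries no assertion")
    issuer = assertion.get("Issuer")
    if not issuer:
        raise ValueError("assertion has no Issuer attribute")
    if SAML11 not in idps.get(issuer, ()):
        raise LookupError(f"no SAML 1.1 IdP role in metadata for {issuer!r}")
    return issuer

if __name__ == "__main__":
    idps = load_idps(METADATA)
    print(resolve_issuer(sample_response("https://idp.example.org/shibboleth"), idps))
```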




