Shibboleth Developers

["Scott Cantor" <>]

> yesterday morning I started out at around 8am getting and building
> shib2.0 SP from SRPMS.  To get it all built and configured took
> around 3 hours (I was trying to understand some of the new config
> options).  Then I began working the applications to make attribute
> name changes which took another hour or so since I didn't want to
> alter what came with shib (to avoid too much customizing).

To be clear, it is the intent that you can always customize Shibboleth
rather than the application, whenever possible anyways. There's nothing
official or gospel about the atttribute map (or the AAP in 1.3), it's just
an example. The SAML names are according to our profile but what you turn
them into is a local decision.

The SP is moving toward the IdP's model of "resolving" attributes based on
other attributes, and the map is just an example of doing that in a
SAML-specific way.

It's the local attributes that the application is really dealing with, and
I'm trying to make that more explicit in 2.0.

Just FYI, glad it went well otherwise.

-- Scott