Shibboleth Developers

[Bernd Oberknapp <>]

On Fri, 5 Oct 2007, 

 wrote:

> Has anyone been testing the Shibboleth Beta with any WAYF/DS
> applications?  I am curious if there is a good starting point on using
> them and properly configuring the SP (and presumably the WAYF/DS) for
> pure SAML2 based transactions.  I am most familiar with the Switch WAYF,
> but I am open to other options if it is not SAML2 viable.

I'm currently testing the beta with the WAYF/DS from subversion. You
only have to add

<Extensions>
  <idpdisc:DiscoveryResponse
    
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
    Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
    Location="https://your.sp.name/Shibboleth.sso/DS";
    index="1"/>
</Extensions>

to the SPSSODescriptor to make the WAYF/DS respond to DS requests from
the SP and use the DS SessionInitiator (predefined in shibboleth2.xml in
the beta) to initiate the request. The DS is protocol-independent, it
just returns the entityId selected to the SP and then the SP decides
with protocol to use.

Best regards,
Bernd

-- --------------------------------------------------------------------- --
Dipl.-Math. Bernd Oberknapp       Universitaetsbibliothek Freiburg
Tel: +49-761 / 203-3852           Platz der Universitaet 2 | Postfach 1629
Fax: +49-761 / 203-3987           79098 Freiburg           | 79016 Freiburg