Shibboleth Developers

["Tom Scavo" <>]

On 10/31/07, Scott Cantor 
<>
 wrote:
> >
> > * Can the Shib IdP 2.0 be made to issue such an assertion?
> > * Will the Shib SP 2.0 do account linking?
>
> The SP doesn't have accounts, so of course no. The SP is stateful only with
> respect to sessions, it will never be stateful itself across them, though
> various plugins can be.

Okay, that's what I expected.

> > * Will the Shib SP 2.0 do local attribute resolution?
>
> Interface yes, implementation no. The only resolver I wrote does SAML
> queries (based on the subject of the SSO session).

Yes, I expected this as well.  In that case, we'll provide a local
attribute resolver based on Shib IdP code.

> > * If the answer to the previous question is no, will the Shib SP 2.0
> > expose the raw SSO assertion?
>
> If you dereference the loopback URL with the SAML URI binding, you get the
> assertion. I believe by design the first URL it exposes is always the
> original SSO assertion.

Oh, that's a cool use of the new URI binding, thanks.

Tom