Shibboleth Developers

["Scott Cantor" <>]

> > - Client transport authentication to SOAP endpoints
> 
> I would be grateful if you could expand on what you mean by this (or
> alternatively point me to the relevant docs, I wasn't able to find any
> yet...).

https://spaces.internet2.edu/display/SHIB2/NativeSPRelyingParty

I don't know that it's going to help much, it doesn't say much more than the
notes did. Are you asking what I mean by that phrase?

There are two general kinds of SOAP authentication, transport and message.
Message means WS-Security, which I have not coded. Transport means (in the
SOAP over HTTP case) that authentication happens at the HTTP level (or below
as with TLS).

The setting in question is about how the SP authenticates to SOAP services.
That covers queries, artifact resolution, back channel logout, etc.

> And when you say 'NTLM' are you talking about this...
> 
> http://www.innovation.ch/personal/ronald/ntlm.html

I have no earthly idea. It's whatever libcurl supports. I think it's the
stuff IIS used before they switched to SPNEGO (which is what the gss option
means, I think).

http://curl.haxx.se/docs/manpage.html

I saw no reason not to just permit whatever libcurl allowed, it wasn't hard
to expose. Now that I'm looking at the docs, I think I can fix the gss
option to omit username/password. It doesn't need a real value for that.
 
-- Scott