Shibboleth Developers

["Scott Cantor" <>]

I have a style sheet written to translate the 1.3 shibboleth.xml into the
2.0 shibboleth2.xml:

http://tinyurl.com/2fubna

I'm still in the eyeballing stage, I haven't tried the resulting file yet,
so there may be a few XML glitches.

I would appreciate any feedback on it and if you have something that it
won't translate but you think is reasonably possible to implement, I'll
consider it.

It will be in the final release of the SP, but I doubt I'll have the
installation actually run it.

Some things it doesn't handle:

- anything with attributes, translating AAP into attribute-map, etc.
- older features that were never really usable or documented, such as XML
signing of requests
- older ADFS configs
- MySQL or custom cache plugins

A brief summary of what it can do:

- Produce a valid config at least structurally.
- Migrate the entire RequestMap, along with the ISAPI Site mappings
- Migrate applications, including the providerId, and basic session settings
- Migrate local metadata sources
- Create the same defaults for endpoints and policy that the normal 2.0
install has
- Tries to migrate older SessionInitiators

The last one isn't all that usable, but what it does is by default create a
WAYF-centric initiator chain and copies over your WAYF location. If you give
it a parameter named idp, it will copy that into the first SessionInitiator
chain as an entityID parameter.

The idea is for intranet/single IdP deploys to run it with that parameter so
it can plug in your IdP name for you. Your old SSO location will still be in
there as a WAYF URL, so you'd have to manually yank that but it shouldn't
hurt anything.

I'm not trying to be perfect, but I though this would help some, and it can
evolve.
 
-- Scott