
shibboleth-dev - RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?

  • From: Peter Williams <>
  • To: <>
  • Subject: RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?
  • Date: Tue, 15 Apr 2008 10:10:48 -0700

 
 
 

I also warn you that I have never tested the FastCGI code. Andre donated it,
I ported it, and that's about it. I'll support it, but I have no idea if it
works.


 
With IIS7 making a move on FastCGI (to support components using dynamic language bindings, a la PHP), it's worth spending some investigate-grade effort here - to see how a very simple impersonation model will work in the CGI/FastCGI handoff cases.

I built and re-linked against v2.4.0 of FastCGI, taking a hint from inspection of the Windows project files. Shib src is happy now, building the authorizer and responder.

-----------

Still working on having the high-level shib/opensaml/tooling/... packages import the log4shib package, in Cygwin. How hard can it be to auto-config an include/ and lib/ ? Why would Cygwin be any fussier than any other make/scripted UNIX build env? It will fall out to an easy solution, assuredly.

------

Thinking laterally, now:-

1. Our RDF/SPARQL server can invoke CGIs, and its query language script has the API call to then impersonate the security context using NT tokens, and therefore Kerberos tokens. CGI may be a way to easily get Shib to integrate with that server, rather than the current way (using Ping Identity's OpenToken gatewaying/redirecting concept). An alternative would be to put a COM wrapper around the FastCGI entry points so any COM consumer can use the Shib work, including all the .NET world.

2. Has anyone in practice ever operated a shibd on a network port, supporting a variety of handlers over IP? Can Shib multiplex clients like this, with different SP metadata for each?



