
shibboleth-dev - RE: Logout advice

Subject: Shibboleth Developers



  • From: André Cruz
  • Subject: RE: Logout advice
  • Date: Wed, 16 Apr 2008 11:01:58 +0100

On Tue, 2008-04-15 at 13:17 -0400, Scott Cantor wrote:
> > I guess this would mean that the IDP would have to store which SPs
> > requested the attributes of which users and send those SPs some
> > logout messages with the correct NameID?
>
> It does this already, I believe (not which attributes, that's immaterial,
> just the SPs, NameID, and the SessionIndex). The session manager code is
> there, just not the profile and UI code.

Maybe Chad can enlighten us on the state of this in the 2.0 IDP? Where
does the IDP store this information?

This brings me to the topic of clustering IDPs. With 1.3 I use HaShib to
distribute the Artifacts, etc. How is this done in the 2.0 IDP? I didn't
find this in the wiki... This session information also has to be shared
among the IDPs.

> > And what are application notifications? A way to deal with application
> > sessions? How do we use it?
>
> I haven't documented it yet, that and logout initiation are the two major
> pieces I have yet to fill in the wiki. There are front and back channel
> message loops that run during logout and NameID mgmt processing. Front
> channel just relies on the cookie and usual attributes being available and
> the app has to make sure to forward the message along. Backchannel uses a
> simple XML schema and sends SOAP messages over a loopback with the logout
> or NameID mgmt details.

I'm interested in the back channel approach. Does this XML payload
include some attributes of the user? Where do we register the
application endpoints?

I guess if you could document this part I would appreciate it.

Best regards,
André




