Shibboleth Developers

[Chad La Joie <>]

André Cruz wrote:
> On Tue, 2008-04-15 at 13:17 -0400, Scott Cantor wrote:
> > > I guess this would mean that the IDP would have to store which SPs
> > > requested the attributes of which users and sending those SPs some
> > > logout messages with the correct NameID?
> > It does this already, I believe (not which attributes, that's immaterial, 
> > just the SPs, NameID, and the SessionIndex). The session manager code is 
> > there, just not the profile and UI code.
>
> Maybe Chad can enlighten us on the state of this in the 2.0 IDP? Where
> does the IDP store this information?
>
> This brings me to the topic of clustering IDPs. With 1.3 I use HaShib to
> distribute the Artifacts, etc. How is this done in the 2.0 IDP? I didn't
> find this in the wiki... This session information also has to be shared
> among the IDPs.

The IdP has a storage service interface that's pretty close to the SP's 
(technically this is in the OpenSAML in both cases).  You can see it 
defined in your internal.xml config file in Shib 2.  The clustering for 
2.0 will be done using Terracotta and just replicating the Map at the 
heart of that defined storage service.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch