shibboleth-dev - RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?
- Date: Wed, 16 Apr 2008 14:43:55 -0400
- Organization: The Ohio State University
> The goal of compiling the Shib2.0 src for win32 was to fix the reason why
I
> cannot get the obvious case you describe to work on IIS7 - and which I
tried
> initially with TestShib: have its metadata-making service configure shib
on
> the basis that IIS7 is listening on an address that is a simple domain
name
> to which the internet directly route packets, and Shib intercepts certain
> URL to apply its session management controls (as a proxy for access
> controls).
Sorry, no idea what any of that means. IIS 7 is in no way supported being
that it isn't yet available to me, but none of that sounds like anything to
do with IIS. If it works at all, it should work with the existing binaries.
> When I did that obvious deployment case on first using Testshib, I found
> that the Shib filter would not invoke websso, letting the user straight
into
> the /secure resources.
Then you had it misconfigured about what the server's hostname is, nothing
more complex than that. IIS does not know its name, unlike Apache. You have
to tell it the name via the Site element, and use that name in the
RequestMap, and that's it. Nothing too hard about it. If it still doesn't
work, the filter wasn't even loading, which is a different set of problems.
Since it sounds like you did get the filter to load, I imagine the problem
was the former one.
> admonishment.Hopefully, somone has documented their II7 working example
with
> TestShib SP, and then I can search out someone who has working deployement
> of the ShibSP's ECP feature set, etc.
That feature has only been in release for about a month, nor are there any
ECP clients around, so the search will be fruitless at this time.
As far as the feature set, if there's something in the profile you're
wondering about, whether it's supported or whatever else, feel free to ask.
> We will see. I will go read the architectural docs in the wiki.
I'm not aware of anything in that area, at least nothing extensive, and
definitely nothing on the SP code at this time. Supporting people
implementing their own SPs isn't a project goal at this time, and
documenting opensaml apart from the API docs remains a long way off.
-- Scott
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/14/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/16/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/16/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/16/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/16/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Scott Cantor, 04/15/2008
- RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?, Peter Williams, 04/15/2008
Archive powered by MHonArc 2.6.16.