shibboleth-dev - Configure relying party for non-browser client

Subject: Shibboleth Developers

  • From: "Joana M. F. Trindade" <>
  • Subject: Configure relying party for non-browser client
  • Date: Tue, 10 Jun 2008 20:29:28 -0300

Hi,

I have implemented a non-browser client (HTTP user agent) that issues a samlp:AuthnRequest and sends it over TLS (Base64 encoded) to a Shib IdP. I intend to implement a Shib profile handler according to the protocol described in [1] and [2].

Since I have not finished implementing the handler yet, I am testing whether the samlp:AuthnRequest is "correct" by sending it to the SSO Profile Handler (/profile/SAML2/POST/SSO). I do this by spoofing the issuer in the AuthnRequest, setting it to an SP which is already registered with the IdP (https://sp.testshib.org/shibboleth). This gives me neither an error nor a Response, which seems like expected behavior. However, I would like to properly set the issuer as my non-browser client.

My question is: how do I configure the relying party so that each time the IdP receives a samlp:AuthnRequest from this non-browser client, it asks for the client to authenticate with the method I intend it to?

I read the wiki on this subject ([3]), but could not find the referred XML tags (RelyingParty, defaultAuthenticationMethod) in my IdP's relyingparty.xml, nor examples of files.

Any pointers or advice will be highly appreciated.

Cheers,
Joana

[1] - http://dev.globus.org/wiki/Google_Summer_of_Code_2008_Ideas#SAML_Holder-of-Key_Authentication
[2] - http://dev.globus.org/wiki/GSoC08/SAML_Holder_of_Key_Authn_for_HTTP_SSO
[3] - https://spaces.internet2.edu/display/SHIB2/IdPUserAuthn
--
Joana M. F. da Trindade

Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
LinkedIn: http://www.linkedin.com/in/joanatrindade
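
The following Python example is added here and is not part of the original message or of Shibboleth. It builds the kind of samlp:AuthnRequest described above, Base64-encodes it for the SAMLRequest form field of the HTTP-POST binding, then decodes it again to check the required attributes and the Issuer before anything is sent. The client entityID, the IdP host name and the REGISTERED set (a stand-in for the relying parties an IdP knows from metadata) are constructed assumptions.

```python
import base64
import datetime
import uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample values (assumptions, not taken from a real deployment).
CLIENT_ENTITY_ID = "https://client.example.org/non-browser"
IDP_SSO_URL = "https://idp.example.org/profile/SAML2/POST/SSO"
REGISTERED = {"https://sp.testshib.org/shibboleth"}  # stand-in for IdP metadata


def build_authn_request(issuer, destination):
    """Return the Base64 value for the SAMLRequest POST parameter."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    now = datetime.datetime.now(datetime.timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # xs:ID must not start with a digit
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    return base64.b64encode(ET.tostring(req)).decode("ascii")


def inspect_authn_request(b64_value, registered=REGISTERED):
    """Decode a POST-binding SAMLRequest; return (issuer, list of problems)."""
    xml = base64.b64decode(b64_value, validate=True)
    # SAML messages never need a DTD; refuse one rather than parse it.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(xml)
    problems = []
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        problems.append("root element is not samlp:AuthnRequest")
    for attr in ("ID", "Version", "IssueInstant"):
        if not root.get(attr):
            problems.append(f"missing required attribute {attr}")
    if root.get("Version") not in (None, "2.0"):
        problems.append("Version must be 2.0")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if not issuer:
        problems.append("missing saml:Issuer")
    elif issuer not in registered:
        problems.append(f"issuer {issuer} is not a registered relying party")
    return issuer, problems
```

With the constructed values, the request issued under the client's own entityID is well-formed but is reported as coming from an unregistered relying party, which is the gap the question is about.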

