Shibboleth Developers

[Lukas Haemmerle <>]

@Frank:
> what happens, if a service-provider ist member of more then one
> federation? Would it work too?

Yes, as you can see in the example of kelimutu.switch.ch this is already
supported. In such a case, the embedded WAYF first sets a cookie to
remember that setting and then sends the user to
/Shibboleth.sso/Login?entityId=#selectedEntityIDOfRemote federation#

So, from there on the SP itself handles the rest.


@Josh:

> The IdP is hanging for me...

No idea why it was not working for you. I just tried and it worked as
expected :) Try selecting the 2. entry from top (should be the default
one anyway).


@Peter:

> Well, I don't like JavaScript but according to Embedded-DS.txt it
> would allow for both customization of IdPs listed as well as
> customization of the look and feel, so for sites already dependent on
> JS I guess this would be Good News.

Yes, that was the goal. Of course, if a user has Javascript disabled all
of this won't work. However, you still could insert - as in the example
- a noscript fallback to at least tell the user to turn on javascript or
maybe present a link that sends the user to
/Shibboleth.sso/DS?target=#URL where the user shall land on#

In the end, there are so many web applications today requiring
Javascript that it is almost infeasible to turn it off completely. Even
Shib relies to some extent on Javascript for sending the assertions via
browser post. Turning off Javascript for Shib will force users to
manually submit the form that posts the assertions, which probably will
be so annoying in the end that they will turn Javascript on again :)


Lukas

-- 
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
 http://www.switch.ch