shibboleth-dev - RE: [Shib-Dev] idp-initiated SSO

Subject: Shibboleth Developers

  • From: Peter Williams <>
  • To: "" <>
  • Subject: RE: [Shib-Dev] idp-initiated SSO
  • Date: Fri, 17 Oct 2008 11:42:57 -0700
  • Accept-language: en-US

This is the dev list, not the support list. So coding issues are even on topic
(Peter trying to be disciplined). We have been changing our IDP code to
accommodate the general notion, and I'll try it with a pair of actual
Shib-based SPs later.

I thought (f) was merely an expression of what Nate was pointing out in his
simulation-of-idp-initiated "trick"!!

It was little more than an afterthought, designed to codify his trick. Acted
like a test to ensure that the definitions could deal with the outlier case,
too.

Can Shib SP handle multiple assertions in a response? (or perhaps, better, is
an array of n>1 assertions a part of the security concept of Shib?)


-----Original Message-----
From: Scott Cantor
Sent: Friday, October 17, 2008 11:26 AM
To:

Subject: RE: [Shib-Dev] idp-initiated SSO

> (f) Formally, the IDP is entirely entitled to play the role of the third
> party.

That seems rather dumb to do, but yes, I suppose so.

This question has been answered. We don't support either the third party
extension or a UI to initiate SSO from inside the IdP. Sorry, that's life
at the moment. What we do support is a coherent approach for initiating SSO
from an SP from outside that SP, which IMHO is rather more useful since it
doesn't require that the IdP guess as to the contents of that request.

If you want a new feature, we have a system for requesting it. Like all open
source projects, the odds of getting it are proportional to the amount of
code you supply to implement it.

-- Scott




