Shibboleth Developers

[Peter Williams <>]

This is the dev list, not support list. So coding issues are on even on topic 
(peter trying to be disciplined). We have been changing our IDP code to 
accommodate the general notion, and I'll try it with a pair of  actual 
Shib-based SPs later.

I thought (f) was merely an expression of what Nate was pointing out in his 
simulation-of-idp-initiated "trick"!!

It was little more than an afterthought, designed to codify his trick. Acted 
like a test to ensure that the definitions could deal with the outlier case, 
too.

Can Shib SP handle multiple assertions in a response? (or perhaps, better, is 
an array of n>1 assertions a part of the security concept of Shib?)


-----Original Message-----
From: Scott Cantor 
[mailto:]
Sent: Friday, October 17, 2008 11:26 AM
To: 

Subject: RE: [Shib-Dev] idp-initiated SSO

> (f) Formally, the IDP is entirely entitled to play the role of the third
> party.

That seems rather dumb to do, but yes, I suppose so.

This question has been answered. We don't support either the third party
extension nor a UI to initiate SSO from inside the IdP. Sorry, that's life
at the moment. What we do support is a coherent approach for initiating SSO
from an SP from outside that SP, which IMHO is rather more useful since it
doesn't require that the IdP guess as to the contents of that request.

If you want a new feature, we have a system for requesting it. Like all open
source projects, the odds of getting it are proportional to the amount of
code you supply to implement it.

-- Scott