shibboleth-dev - Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication
Subject: Shibboleth Developers
List archive
Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication
Chronological Thread
- From: Chad La Joie <>
- To:
- Subject: Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication
- Date: Mon, 27 Oct 2008 07:10:05 +0100
- Openpgp: id=146B2514
- Organization: SWITCH
Dharam Veer wrote:
> Thanks Chad. Answers (rather questions :) inlined).
>
> On Mon, Oct 27, 2008 at 12:30 AM, Chad La Joie
> <>wrote:
>
>> Well, there isn't any reason you can't use the redirect binding. The
>> current handler.xml is set up as it currently is because that's what the
>> SAML spec currently defines. If you look at the spec there is nothing
>> that describes attribute query via front-channel mechanisms and so we
>> don't ship such a configuration in the example.
>
>
> DV> Yes, I noticed that in specifications but just wanted to ask the experts
> if there is any security concern exchanging attributes like this way.
> Although I do believe that there should not be any else then Web SSO profile
> would also be problematic.
>
>
>
>> However, if you don't
>> mind having a non-standard system you should be able to just attach a
>> redirect decoder/encoder pair to that profile handler and it should work
>> okay.
>
>
> DV > This is new. I have been reading Shibboleth code and entire
> architecture this weekend (great work guys, you rock !!) but I did not see
> anywhere attaching
> encoder/decoder paris to profile handlers. Only thing I see is specifying
> the inboundBinding and outboundBinding. I know that in internal.xml there is
> some configuration which associate encoders/decoders with bindings. Do you
> mean that just specifiying the binding in handler.xml would take care of it
> ?
Yes, those bindings correspond to decoders/encoders. If you look in the
code you'll see they are called things like
HTTPRedirect[Decoder|Encoder]. Binding is the name the spec uses to
refer to both the process of decoding and encoding on to the transport.
> DV > Would appreciate if you could throw some more light on this for me.
>
>
>
>> Note that attribute statements carried over redirect are likely
>> to be problematic and run in to web server URL length limitations.
>>
>
>
> DV > But HTTP POST should be go for that problem. No ?
Yes, post would be fine. You just mentioned Redirect specifically.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/26/2008
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/26/2008
- Message not available
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/26/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Chad La Joie, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Chad La Joie, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Tom Scavo, 10/27/2008
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Christopher A Bongaarts, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/27/2008
- Message not available
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- RE: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Scott Cantor, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Steven_Carmody, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Chad La Joie, 10/27/2008
- Message not available
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Chad La Joie, 10/27/2008
- Re: [Shib-Dev] Obtaining user attributes from a web form at the time of authentication, Dharam Veer, 10/26/2008
Archive powered by MHonArc 2.6.16.