
shibboleth-dev - experiences with 2.1

Subject: Shibboleth Developers

  • From: "Jim Fox" <>
  • To: <>
  • Subject: experiences with 2.1
  • Date: Fri, 21 Nov 2008 15:16:36 -0800

This mostly concerns the infocard extension.

First, I was losing my session information after a trip through a JSP page. This turned out to be due to 1) 2.1 writes an extra cookie, and 2) I had a 1.3 shib SP loaded on my Apache server in front of the IdP, and 3) the 1.3 SP merges Set-Cookie headers (fixed in 2.0), and 4) most browsers cannot deal with merged cookie headers. Fixed this by dropping the SP. Suspect most people don’t have an SP in front of their IdP.

Second, recall that in order to work with CardSpace we had to set the “no linebreaks” option in xmlsec. It turns out that xmlsec version 1.4.2, while supporting that feature, also ignores linebreaks in the SignatureValue elements. Old 1.4.1 left these with linebreaks intact. Seems that neither classic CardSpace nor the new CardSpace ‘Geneva’ accepts the new, 1.4.2 no-linebreaks. By contrast DigitalMe ignores linebreaks and accepts all formats.

The new ‘Geneva’ does accept the 1.4.2 XML with linebreaks left in. But it insists on requesting metadata, the mex resource, by doing a GET with content following the request. Most everyone, except WS-Transfer, thinks this is bogus and Apache drops the content. Thus the GET doesn’t work. Old, classic CardSpace and all DigitalMes do POSTs to get the mex info and that works fine.

I’m beginning to think that if Information Cards have any future it won’t be at Microsoft.

Otherwise the 2.1 IdP is working fine. I have the 2.1 of ArpViewer plugged in as well.

Jim
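
The merged Set-Cookie failure described in the message above, as an added example that is not part of the original post: it shows why a client that reads one cookie per header line keeps only the first cookie when a front end folds two Set-Cookie headers into one, and gives a check for spotting such folded headers. The cookie names, values and the simplified parsing model (first name=value pair is the cookie, the rest are attributes) are assumptions made for illustration.

```python
# Added illustration; header values below are constructed, not captured traffic.

def parse_set_cookie(header_value):
    """Parse ONE Set-Cookie header value: the first name=value pair is the
    cookie, everything after each ';' is treated as an attribute."""
    first, *attrs = header_value.split(";")
    name, _, value = first.partition("=")
    attributes = {}
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        attributes[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attributes


def cookies_stored(set_cookie_headers):
    """Return {name: value} a client would keep for a list of header values."""
    jar = {}
    for header in set_cookie_headers:
        name, value, _ = parse_set_cookie(header)
        jar[name] = value
    return jar


def looks_merged(header_value):
    """Heuristic: a new name=value pair starts right after a comma.
    A comma inside an Expires date is followed by a day number, not a pair."""
    for part in header_value.split(",")[1:]:
        head = part.split(";")[0].strip()
        if "=" in head and " " not in head.split("=")[0]:
            return True
    return False


# Placeholder cookie names: a servlet session cookie plus one extra cookie.
SEPARATE = [
    "JSESSIONID=abc123; Path=/idp; Secure",
    "idp_extra=xyz789; Path=/idp; Secure",
]
# What a front end emits if it folds repeated headers into one comma-joined line.
MERGED = [", ".join(SEPARATE)]

if __name__ == "__main__":
    print("separate:", cookies_stored(SEPARATE))
    print("merged:  ", cookies_stored(MERGED))
    print("merged header detected:", looks_merged(MERGED[0]))
```

Running it shows both cookies stored in the separate case and only the first in the merged case, which matches the lost-session symptom.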

 

 

 



