Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] experiences with 2.1

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] experiences with 2.1


Chronological Thread 
  • From: Jim Fox <>
  • To: "" <>
  • Subject: Re: [Shib-Dev] experiences with 2.1
  • Date: Sun, 23 Nov 2008 19:48:03 -0800



There's no reason to be using 1.3 regardless.

We have several 1.3 SPs around campus so I keep one for testing.


We should use a compliant implementation, with absolutely no work- arounds,
and that's it. If that fails, report the bug and move on. If it prevents
Cardspace from even working, the technology is useless until it's been
fixed.

There is no room for compromise on this issue. I think that should be clear
by now. XML Signature is too complex to play these games, and you can't win.

I'm fine with that.



The new 'Geneva' does accept the 1.4.2 xml with linebreaks left in. But
it
insists on requesting metadata, the mex resource, by doing a GET with
content following the request. Most everyone, except ws-transfer, thinks
this is bogus and Apache drops the content. Thus the GET doesn't work.

There's nothing in HTTP that disallows a request body on a GET, AFAIK. I'd
be surprised if Apache just drops the body. Are you sure it's not Tomcat
doing that?



Well, I suppose I don't know. RFC 2616 seems to suggest GET is entirely determined by the URI. Most sites I find suggest GET with content is 'inappropriate', maybe not the same as invalid.

With Apache the content doesn't get to a cgi script either, so it's being lost somewhere.. I guess I'll look deeper.

Jim




Archive powered by MHonArc 2.6.16.

Top of Page