
shibboleth-dev - Re: [Shib-Dev] Implementing SLO and help on finding out authenticated service providers

Subject: Shibboleth Developers

  • From: Adam Lantos <>
  • To:
  • Subject: Re: [Shib-Dev] Implementing SLO and help on finding out authenticated service providers
  • Date: Sun, 12 Jul 2009 23:32:31 +0200

My first intent is to get used to opensaml / openws, so the code is
more like a big bowl of spaghetti now. Most of the code will be thrown
out, as first tries always are.

Unfortunately the IdP does not send any requests by itself, so I
didn't find security and trust bits for SOAP/SSL clients and SAML
requests. For now, I'll also omit the policy/profile configuration for
logout requests (signing, nameid encryption), but it'll be included
later of course.



On Sun, Jul 12, 2009 at 11:17 PM, Scott Cantor <> wrote:
> Adam Lantos wrote on 2009-07-12:
>> I'm struggling a bit with commons-httpclient now, but after I
>> figure out how to properly use SSL client certificate authentication
>> and certificate check against SP metadata - I have the bits in place
>> now, it should work soon -, I'll post more details about back-channel
>> logout requests issued by the IdP. I expect to get my proof-of-concept
>> version working in the next few days.
>
> It's imperative that any code involving trust be using the same security
> code from the rest of the stack. It doesn't matter for your purposes, but
> there's no way we would ever even look at code that was one-offing that
> stuff. It's too hard to get right and we cannot afford the chance of
> introducing inconsistencies. All runtime checks must be using the same
> trust engine code throughout the system.
>
> -- Scott