
shibboleth-dev - Integrating IdP with GridSite and VOMS

Subject: Shibboleth Developers



  • From:
  • To:
  • Subject: Integrating IdP with GridSite and VOMS
  • Date: Mon, 12 Apr 2010 10:35:03 -0400 (EDT)

Hi all,

for the purposes of the project I'm participating in, I am planning to take
advantage of the work you did with Shibboleth in order to implement the SSO
support for the project infrastructure, and trying to integrate SSO with
GridSite and VOMS authentication as well.

In particular, my company developed a special component called Central
Security Service which exposes various operations allowing the retrieval of
user X.509 proxy certificates and eventually their VOMS or Shibboleth
attribute extensions.
Now we want to integrate the CSS and a Shibboleth IdP installation within
something which is similar to a ShibVomGSite architecture. The CSS behaves
like the MyIdentityDB+VASH components do in the ShibVomGSite.

I am planning to apply some changes to the standard IdP code, in order to
obtain a "modified"-IdP and enable the information exchange process with the
CSS.

In the past days, I studied the source code of the IdP trying to identify
members and classes to patch. I'm unfortunately having some trouble doing
that, and would like you to confirm some ideas and provide answers to some
questions.

Here follows the list of my initial questions:
- What are the packages and the classes which perform the three communication
steps*? I found
"edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.java", in
which I found startUserAuthentication and completeAuthentication methods. Are
they performing the right/full communication steps?
- If not, where in the code are the remaining steps performed?
- How should the CSS provide info in the reply to the IdP? I mean, what is the
expected format of the provided info?

Thank you
Marco

* The three steps, as defined by ShibVomGSite architecture, are:
1. User Authentication through Shibboleth credentials (via MyIdentityDB)
2. Retrieval of user's and issuer's DN (via MyIdentityDB)
3. Retrieval of VOMS extensions mapped on user's attributes (via VASH)


