Shibboleth Developers

["Scott Cantor" <>]

> The current release of SP v2.4 requires that the entityId given by the
> DS must be exactly as same as the one contained in the MD.

There is no release yet, but that's a given, so I'm not sure what you're 
thinking about.

> That makes it
> impossible to tell the SP that "you don't know the IdP, go ask third
> party for metadata about an opaque string".

If you take the entityID from the DS and do something in a transform that 
turns it into something else, it may not be quite "opaque", but it doesn't 
have to be the entityID itself.

But there doesn't seem to be a use case motivating this hashing step as a 
possible transform. What is necessary is to extend it to allow for querying 
directly on artifact sourceID. Currently that's not allowed because 
originally the lookup input was treated as the URL directly.

Note that this use case has no relationship to the DS use case.

> Furthermore this SP plugin does not support redirect. This was actually
> a problem for me to tell the SP where to retrieve metadata.

I suspect a TransportOption to toggle the right libcurl option would fix 
that, but the SOAP stack (which this is running on top of) is not designed to 
do that by default for obvious reasons. Since this isn't SOAP, I'll see if I 
can adjust that setting by default.

-- Scott