
shibboleth-dev - Re: [Shib-Dev] Debugging shibboleth-idp-ext-delegation [SOLVED]

Subject: Shibboleth Developers

  • From: Brent Putman
  • Subject: Re: [Shib-Dev] Debugging shibboleth-idp-ext-delegation [SOLVED]
  • Date: Mon, 26 Jul 2010 10:41:05 -0700



On 7/26/10 10:24 AM, Scott Cantor wrote:

> I think that's just how Brent did the implementation. The RelyingParty
> config is used when the intermediary is acting as the client in order to
> authenticate it as a delegate of the user.

No, I think I was wrong about that earlier in the thread. It's been a year since I thought about all of this. :-). It's actually (I think) the logical thing that you'd expect - the policy is determined by the SAML requester/relying party, not anything to do with the ECP.

> I could be wrong, but I seem to recall that the config might get reworked
> when the code is eventually merged into 3.0. It is a bit invasive at the
> moment. But it's not all that easy to express the policy complexity here.


Yeah, I think the thing that's odd right now re: the configuration is that you also have to have a RelyingParty element for the portal/ECP, because only the ProfileConfiguration carries some needed config info, and it has to be scoped to the portal/ECP in question. If and when we move this into the core code, and the config possibly goes directly on the RelyingParty, then the need to configure the ProfileConfiguration for the portal/ECP might go away.



