Shibboleth Developers

[Paul Hethmon <>]

I built our Java SP on top of OpenSAML and made the choice to not do SAML 1.
The fact that I control the IdP for all of my SP's I guess makes that
easier. However, in my implementations over the last couple of years, I've
only done SAML 2.

I chose the filter/servlet approach for our Java SP, it seemed the cleanest
for us. Our jsp pages had to change very little to support it.


On 8/25/10 3:23 PM, "Chad La Joie " 
<>
 wrote:

> Well, I think the problem is that there is quite a large SAML 1 only
> install base right now and a lot of them aren't show much sign of
> moving.  We still know there are a significant number of folks running
> Shib 1.3 and many of the other opensource IdPs are are SAML 1 only.
> 
> I would love to not have to do it though, just because I think people
> should move to SAML 2, I'm just not sure it's realistic.
> 
> On 8/25/10 3:09 PM, RL 'Bob' Morgan wrote:
>> 
>>> In terms of protocols we'd implement the Shib and SAML 2 SSO and SAML
>>> 1 and 2 Attribute query profiles.
>> 
>> I wonder about the need to include Shib/SAML1. I suppose these are in
>> the existing Java OpenSAML libraries so support for them may not be
>> expensive, but once they're in the product they will stay in for a long
>> time, and costs to remove support eventually could be significant.
>> People are somehow meeting their Shib/SAML1 needs with existing methods;
>> new deployments should be supporting SAML 2. Is there deployer demand
>> for supporting the older protocol versions?
>> 
>> - RL "Bob"
>> 
>>