shibboleth-dev - Re: [Shib-Dev] yet another java SP implementation....
Subject: Shibboleth Developers
List archive
- From: Christopher Bongaarts <>
- To:
- Subject: Re: [Shib-Dev] yet another java SP implementation....
- Date: Mon, 03 Jan 2011 15:55:27 -0600
- Organization: University of Minnesota
Steven Carmody wrote:
On 1/3/11 4:10 PM, Cantor, Scott E. wrote:
This is the second major vendor we've encountered that saw that text,
and for their own reasons decided to go ahead and implement that profile.
"For their own reasons" == to ignore discovery.
some commercial providers seem to consider it unacceptable to provide what we call "Discovery" (ie a page that might be interpreted as a list of customers...). The Info Providers (eg ebsco, Elsevier, etc) have never been bothered by this; however, companies in other spaces seem very uncomfortable doing this.
The ones we've dealt with have usually been on the business side (HR, travel, W2 forms, etc.) and seem to reflect an assumption on the SP side that everyone has a Corporate Intranet that all users log into first before accessing any external services. Thus the tendency to support IdP-first as the "standard" flow. This may well be correct for most businesses, but in a university setting it falls apart.
Come to think of it, most of our users probably don't go to any of our external SPs directly; they usually follow links from our pages, either our HR self-service page, our library's list of databases, our career services site, or our local landing pages for Google Apps. In all those cases, why add an extra request/redirect to the loop, if you know what the IdP is going to be from the get-go? Until you add either multiple IdPs or custom authentication requirements, this seems like the simplest path.
We've been lucky so far in that all the IdP-first-only SPs have been able to speak SAML 1, and the legacy Shib protocol has worked for us to talk to these sites.
--
%% Christopher A. Bongaarts %%
%%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
- [Shib-Dev] yet another java SP implementation...., Steven Carmody, 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Chad La Joie, 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., McDermott, Michael, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Steven Carmody, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Steven Carmody, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Christopher Bongaarts, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Steven Carmody, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Chad La Joie, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Chad La Joie, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Chad La Joie, 01/03/2011
- RE: [Shib-Dev] yet another java SP implementation...., Cantor, Scott E., 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Steven Carmody, 01/03/2011
- Re: [Shib-Dev] yet another java SP implementation...., Chad La Joie, 01/03/2011
Archive powered by MHonArc 2.6.16.