
shibboleth-dev - Re: [Shib-Dev] IDP metadata with no ACS url

Subject: Shibboleth Developers

  • From: Bobby Lawrence <>
  • To:
  • Subject: Re: [Shib-Dev] IDP metadata with no ACS url
  • Date: Fri, 03 Jun 2011 17:59:38 -0400

Brent -
> You don't really need to modify this class. You can just extend the
> class and override that method to implement this behavior, e.g. if
> super.selectEndpoint() returns null, and if AuthnRequest is signed
> (assuming the use of the SecurityPolicyRule that has already validated
> the signature) and contains an ACS URL, then use it. You'd also need a
> bit of Spring config tooling to plug it into the IdP, but that's not too
> hard. So you can in fact get this functionality in a supportable way
> without having to modify the IdP per se, maintain forked code, etc.

Is there any way you can show me how to do this? I'm not very strong in Spring, but I've configured web apps with it. I've never done anything like this before, but I did a bit of digging and found that it's possible with Spring's IoC container using MethodReplacers. However I can't tell if it's possible in this case because the IDP code uses AbstractSingleBeanDefinitionParsers to load the beans. I cannot find how to inject this when using bean definitions created from arbitrary XML objects like the IDP does for most of its config...
From what I've read, the MethodReplacer is only configurable (I think) when using an XML bean definition and adding a <replace-method> element. I've tried to add it to the XML for the SAML2SSO ProfileHandler but I get exceptions from Spring on startup.



