Shibboleth Developers

[Chad La Joie <>]

I've committed the first cut of the new relying party configuration 
management APIs (there are still a couple things missing).  They can be 
found in the idp-profile-api module in the 
net.shibboleth.idp.relyingparty package.

The only significant change is the means by which the relying party 
configuration is selected.  In v2, you provide an identifier that was 
matched against the entity ID of the request or the name of an entity 
descriptor of which the requester was a member.

This had two weaknesses.  First, it is not explicit which of the two 
matching possibilities is really intended and second there is no ability 
to match on other criteria (e.g., affiliations and entity attributes).

The new selection process is detailed here:
https://wiki.shibboleth.net/confluence/display/IDP30/6.+Profile+Handling+and+Relying+Party+Configuration+Management

During the automatic upgrade process from v2 to v3, the <RelyingParty> 
id attribute will be assumed to be an entity ID, not an entities 
descriptor name.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered