Skip to Content.
Sympa Menu

shibboleth-dev - [Shib-Dev] [IdPv3] Relying Party Configuration Management

Subject: Shibboleth Developers

List archive

[Shib-Dev] [IdPv3] Relying Party Configuration Management


Chronological Thread 
  • From: Chad La Joie <>
  • To: Shib Dev <>
  • Subject: [Shib-Dev] [IdPv3] Relying Party Configuration Management
  • Date: Wed, 22 Jun 2011 10:06:33 -0400
  • Organization: Itumi, LLC

I've committed the first cut of the new relying party configuration management APIs (there are still a couple things missing). They can be found in the idp-profile-api module in the net.shibboleth.idp.relyingparty package.

The only significant change is the means by which the relying party configuration is selected. In v2, you provide an identifier that was matched against the entity ID of the request or the name of an entity descriptor of which the requester was a member.

This had two weaknesses. First, it is not explicit which of the two matching possibilities is really intended and second there is no ability to match on other criteria (e.g., affiliations and entity attributes).

The new selection process is detailed here:
https://wiki.shibboleth.net/confluence/display/IDP30/6.+Profile+Handling+and+Relying+Party+Configuration+Management

During the automatic upgrade process from v2 to v3, the <RelyingParty> id attribute will be assumed to be an entity ID, not an entities descriptor name.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered


  • [Shib-Dev] [IdPv3] Relying Party Configuration Management, Chad La Joie, 06/22/2011

Archive powered by MHonArc 2.6.16.

Top of Page