Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] how good is the Shib SP ws-fedp support?

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] how good is the Shib SP ws-fedp support?


Chronological Thread 
  • From: "Cantor, Scott E." <>
  • To: "" <>
  • Subject: Re: [Shib-Dev] how good is the Shib SP ws-fedp support?
  • Date: Thu, 23 Jun 2011 00:21:02 +0000
  • Accept-language: en-US
On 6/22/11 8:11 PM, "Peter Williams"
<>
wrote:

>Well, I at 22 worked for a university college's commercialization arm (me
>and 2 others).

That's fine, but we don't have one, this is a purely open source project
with a trademark owned by Internet2.

>Someone offered me a "license" to get a joomla-plugin for some version of
>Shib, for $1500 - per server. Guessing it's a jip, from the comments.

Well, the *plugin* probably isn't saying it's Shibboleth, it's some
integration code that works along with the SP to make whatever joomla is
work. Is that a bad deal? Probably, but I suppose code in hand is worth
something. I don't know what the plugin has to do.

The confluence plugin is probably the most ambitious one around. Is it
worth $1500? Seems a bit much to me.

If they are saying they're selling you "Shibboleth", please forward any
info on that directly to any of us, since that's a trademark violation.

>Im perfectly well aware that how well shib (commercial version or
>otherwise) works with ws-fedp is a function of the knowhow of the folks,
>working here. How well DOES IT? Is the real question.

Minimally I would say. Very little use that I know about.

>For example, a very obvious simpleSAML token decoder in joomla did NOT
>assume that multiple tokens MIGHT be a response - and thus cannot work
>with the MSFT "best practices" FP agent, which re-casts a upstream token
>for the SP, having done (yet) some (more) claims transformation. The
>typical WIF-build FP agent happens to construct token encodings that the
>obvious script-based decoders FAIL to parse (and handle).

Well, here's the point: that is NOT compliant with the profile that was
used for interop testing of ADFS back in the day. Microsoft can play games
all they want, but it won't interoperate.

>As a commercial user, Id be QUITE happy to pay $1500 for a "problem
>solver", having built in extensive interoperability testing. Obviously,
>I don't want to pay $1500 for what is publicly available, dressed up for
>sale.

It seems unlikely to me that they're offering you a better plugin for
WS-Fed in the SP.

-- Scott


Archive powered by MHonArc 2.6.16.

Top of Page