[mdx] Joe on 3.1.1

Cantor, Scott cantor.2 at osu.edu
Fri Sep 27 07:51:32 PDT 2013


On 9/27/13 10:45 AM, "Ian Young" <ian at iay.org.uk> wrote:
>
>Is the same use case there in SAML 1.x artifact flows, then?  Just so
>that I know whether to say SAML or SAML 2.0 when describing it.

It's there in principle, but mostly for Shibboleth probably. The old
artifact format allowed for essentially any "SourceID" for a given IdP,
and you'll recall SAML 1.x had no notion of "entityID" or any rigor around
naming of systems.

In practice, we use the SHA-1 hash as the SourceID for SAML 1.x artifacts
whenever possible, and if you didn't, then the MD query endpoint would
need to support a custom tag to do the lookup, I guess.

Which I suppose raises the possibility of punting all of this to a custom
query tag and not relying on the hashing explicitly. Maybe that's better
to insulate the SAML use case from the rest of the requirements.

But the SP at the moment does this:

    else if (criteria.artifact) {
        name = "{sha1}" + criteria.artifact->getSource();
    }

We assumed that use of queries implied that the SourceID would be the
hash, regardless of artifact type.


-- Scott
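
Added example, not part of the original message and not Shibboleth code: a Python sketch of deriving the "{sha1}" lookup name from an artifact's SourceID, for SAML 1.x type 0x0001 and SAML 2.0 type 0x0004 artifacts. It assumes getSource() yields the hex-encoded SourceID; the entityID, handles and custom SourceID are constructed sample values.

```python
import base64
import hashlib
import struct

# TypeCode -> (SourceID offset, total decoded length)
# 0x0001 (SAML 1.x): TypeCode(2) | SourceID(20) | AssertionHandle(20)
# 0x0004 (SAML 2.0): TypeCode(2) | EndpointIndex(2) | SourceID(20) | MessageHandle(20)
LAYOUTS = {0x0001: (2, 42), 0x0004: (4, 44)}


def source_id(artifact_b64: str) -> bytes:
    """Return the raw 20-byte SourceID of a base64-encoded artifact."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) < 2:
        raise ValueError("artifact too short to carry a TypeCode")
    (type_code,) = struct.unpack(">H", raw[:2])
    if type_code not in LAYOUTS:
        raise ValueError(f"no SourceID layout known for type 0x{type_code:04x}")
    offset, total = LAYOUTS[type_code]
    if len(raw) != total:
        raise ValueError(f"type 0x{type_code:04x} artifact must be {total} bytes")
    return raw[offset:offset + 20]


def query_name(artifact_b64: str) -> str:
    """Lookup name as "{sha1}" + hex(SourceID); hex encoding is an assumption."""
    return "{sha1}" + source_id(artifact_b64).hex()


def names_entity(artifact_b64: str, entity_id: str) -> bool:
    """True only if the SourceID is the SHA-1 digest of entity_id."""
    return source_id(artifact_b64) == hashlib.sha1(entity_id.encode("utf-8")).digest()


# Constructed sample data (hypothetical IdP name, zeroed handles).
ENTITY_ID = "https://idp.example.org/idp/shibboleth"
DIGEST = hashlib.sha1(ENTITY_ID.encode("utf-8")).digest()
HANDLE = bytes(20)
SAML2_ART = base64.b64encode(b"\x00\x04\x00\x00" + DIGEST + HANDLE).decode()
SAML1_HASHED = base64.b64encode(b"\x00\x01" + DIGEST + HANDLE).decode()
SAML1_CUSTOM = base64.b64encode(b"\x00\x01" + b"legacy-idp-source-01" + HANDLE).decode()

if __name__ == "__main__":
    for label, art in [("SAML 2.0 type 4", SAML2_ART),
                       ("SAML 1.x hashed", SAML1_HASHED),
                       ("SAML 1.x custom", SAML1_CUSTOM)]:
        print(label, query_name(art), names_entity(art, ENTITY_ID))
```

The third sample still produces a well-formed "{sha1}" name, but it is not the hash of the IdP's name, so a hash-keyed lookup would not find that IdP.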