help signing metadata

Cantor, Scott cantor.2 at osu.edu
Tue Oct 25 19:15:40 BST 2011


On 10/25/11 2:04 PM, "Jonathan Bricker" <jbricker at exacttarget.com> wrote:

>I'm just trying to solve a problem my bosses have given me which is more
>of a PKI problem. 

SAML is not PKI.

> They care more about certs so I must care about certs.  My question was
>just to give me a direction to look. I now have a much better
>understanding of what I can and can't do with the SP.
>
>Is there a decent doc for making plugins for the SP?

No. Not enough demand to make it worth the project's time and money.

But I can't think of any way to do this with a plugin at all, frankly. You
can't do something at metadata load time that forces it to require
something at runtime. They just don't match up.

If you want to use PKIX, then you need to just do that. There isn't much
documentation on that, but what exists is mostly at
https://wiki.shibboleth.net/confluence/display/SHIB2/PKIXTrustEngine

-- Scott



More information about the users mailing list