Questions about returning roles in the Assertion

Yaowen Tu yaowen.tu at
Fri Aug 31 13:55:42 EDT 2012

Thanks for your reply Scott.

Regarding your following answer:
> If you're not familiar with it, I'd avoid it, personally. Use a
> database if that's what you're comfortable with.

The reason I am not using a DB for my testing purposes is that the Shib IdP
has OOTB JAAS and a DataConnector for LDAP, but for a relational DB it only
has a DataConnector. Is my understanding correct?

So I didn't want to spend too much time on implementing a DB JAAS before
experiencing the LDAP stuff.

Also I see that in the DataConnector, we are storing plain text for
"principalCredential" or "jdbcPassword". Is there an option to encrypt this


On Thu, Aug 30, 2012 at 6:56 PM, Cantor, Scott <cantor.2 at> wrote:

> On 8/30/12 9:47 PM, "David Bantz" <dabantz at> wrote:
> >
> >I trust and hope they are better informed now 8-}
>
> What he really ended up saying was that he didn't think it was a good
> thing to do. Which I don't agree with, but that moved it into the realm of
> the subjective.
>
> >Or do we need to send a delegation to Burton?
>
> Well, you may well encounter them telling people that federations like
> InCommon don't play any role in federating two organizations. They really
> don't understand SAML at all, but in their defense, their only real
> benchmark are the kinds of products that we're well aware are pretty
> broken when it comes to managing federation.
>
> I guess it's clearer to me that they learn a technology by evaluating
> products, not evaluating the potential of a technology itself. Pragmatic,
> and probably unavoidable.
>
> -- Scott