Shibboleth 2.4.3 SAML2 and WAYF

Law, Bob Robert.Law at wolterskluwer.com
Fri Jan 13 20:00:43 GMT 2012 

That is probably due to me simply copying the daemon into
shibboleth/shibd and not replacing all of the files in
shibboleth/etc/shibboleth except for shibboleth2.xml.  So I have a half
way working implementation.  I will copy all of the files over and see
what works out.  I may decide to delete the old shibboleth entirely.  Am
I correct in assuming that the embedded discovery service can replace my
WAYF and support both clients that are either SAML2 or SAML1?  I know
that would make my life much simpler.

Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at wolterskluwer.com
www.ovid.com


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 12:52 PM
To: users at shibboleth.net
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 2:34 PM, "Law, Bob" <Robert.Law at wolterskluwer.com> wrote:

>Unfortunately this is an old version of 1 from five or more years ago
>that I upgraded to 2.2 two years ago.  Now due to needing to use SAML2,
>we are upgrading to 2.4.  I have no idea whether or not my
configuration
>is correct any more after I have added the new lines into
>shibboleth2.xml.  This is a self compiled version of shibboleth running
>on Solaris 10.

Well, the schemas are wrong, so there's something off about the build.
It
might work with the appropriate pre-2.4 approaches as documented plus
the
new handler for the feed, or other things might break simply because
there's more wrong than just the schemas. At a minimum, any 2.4 only
config changes would not work because they'd be rejected at load time.
The
feed handler is a plug-point that doesn't actually require
schema-awareness so that could work.

I don't have any explanation for how a build from source would end up
with
the wrong schemas installed, but the files in
<prefix>/share/xml/shibboleth are out of date based on the error you got
with the new element.

-- Scott

--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net

More information about the users mailing list