Shibboleth 2.4.3 SAML2 and WAYF

[Law, Bob]

It's good to have that cleared up.  Is there a DS available for download
or purchase? 

Sorry for all the stupid questions.  I have a meeting Monday morning to
go over this.

Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at wolterskluwer.com
www.ovid.com


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 1:41 PM
To: users at shibboleth.net
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 3:21 PM, "Law, Bob" <Robert.Law at wolterskluwer.com> wrote:

>Our WAYF simply lists the federations and when selected the entities
>that belong to the federation.  It then redirects the browser to the
>entity for login.

The EDS is oriented around a very different UI from that, mainly because
users do not know what federations are and cannot be expected to choose
one. I don't believe it can be easily used to reproduce such a UI, but I
wouldn't know.

The stand alone DS on the other hand can almost certainly produce a UI
along those lines.

>If the embedded DS does not support saml1 then we won't be able to use
>it.  Doesn't the SSO tag allow both saml1 and saml2?  Is it just the
>code in shibboleth that won't send out saml1?

I didn't say anything like that. The DS protocol is SSO protocol
agnostic.
It doesn't know or care what the SSO protocol will be. There are
multiple
protocols involved here, one for discovery and another for SSO.

The SP supports all SAML versions unless it's configured not to.

-- Scott

--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net