Shibboleth 2.4.3 SAML2 and WAYF

Law, Bob Robert.Law at
Fri Jan 13 20:44:35 GMT 2012

It's good to have that cleared up.  Is there a DS available for download
or purchase? 

Sorry for all the stupid questions.  I have a meeting Monday morning to
go over this.

Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at

-----Original Message-----
From: users-bounces at [mailto:users-bounces at]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 1:41 PM
To: users at
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 3:21 PM, "Law, Bob" <Robert.Law at> wrote:

>Our WAYF simply lists the federations and when selected the entities
>that belong to the federation.  It then redirects the browser to the
>entity for login.

The EDS is oriented around a very different UI from that, mainly because
users do not know what federations are and cannot be expected to choose
one. I don't believe it can be easily used to reproduce such a UI, but I
wouldn't know.

The stand alone DS on the other hand can almost certainly produce a UI
along those lines.

>If the embedded DS does not support saml1 then we won't be able to use
>it.  Doesn't the SSO tag allow both saml1 and saml2?  Is it just the
>code in shibboleth that won't send out saml1?

I didn't say anything like that. The DS protocol is SSO protocol
It doesn't know or care what the SSO protocol will be. There are
protocols involved here, one for discovery and another for SSO.

The SP supports all SAML versions unless it's configured not to.

-- Scott

To unsubscribe from this list send an email to
users-unsubscribe at

More information about the users mailing list