SAML 1.1 Artifact
Cantor, Scott
cantor.2 at osu.edu
Thu Jan 19 15:04:54 GMT 2012
On 1/19/12 1:15 AM, "Chandra Tondepu" <chandrasekhar.tondepu at gmail.com>
wrote:
>(4) At the first cut, I want to ignore signing and encryption in local
>environment, so I turned it off in handler.xml and relying-party.xml and
>ensuring the server starts without errors on Service Provider
>configuration. Would this be enough? Or should I check anything else?
You shouldn't be touching handler.xml. Turning off signing is fine, the
security using artifacts comes from the TLS exchange.
>(5) Siteminder as SP gives two options (1) the assertion consumer
>service/saml credential collector can take basic auth (2) saml credential
>collector can do client certificate authentication, if I want to do basic
>auth with Shibboleth IDP, how can I initiate this?
We don't support basic-auth for authenticating the SP to the IdP during
SOAP communication. The Shibboleth SP does support it, though it's never
used, but not the IdP.
-- Scott
More information about the users
mailing list