Embedded Discovery Service With Custom Service Provider.

Surinaidu Majji pioneer.suri at gmail.com
Tue May 12 08:56:21 EDT 2015


On Thu, May 7, 2015 at 9:10 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 5/7/15, 10:49 AM, "Surinaidu Majji" <pioneer.suri at gmail.com> wrote:
> >
> >1) In order to make a request from the Non-Shibboleth SP to the Embedded
> > Discovery service (EDS), currently we are making an HTTP GET request with
> > 'entityId' and 'return' parameters from the Non-Shibboleth SP to the EDS.
> > Now, how can the request be made securely? And in which format does the
> > request have to be made?
>
> It isn't secure, it's just a GET. You're stating outright the format and
> then asking for the format. I don't really know what you want here.
>

Yes, I understand, Cantor. The format is HTTP GET. Since we are not using
Shibboleth SP, our worry is that "anybody who knows the entityId can get the
IdP metadata (discofeed) from our non-Shibboleth SP". How can we make
it secure? Because we are not using "Identity Provider Discovery Service
Protocol and Profile" as you mentioned in the "specification, it's here
[1]."

>
> If you haven't read the specification, it's here [1]. That is the answer
> to any questions you have in general about the protocol, which is nothing,
> it's a redirect flow. It's dead simple. This is all overkill for everything
> you're doing. Just use a page with links on it.
>
> >
> >2) According to our understanding, initially the SP is making a request to
> > the EDS, then the EDS is making an XmlHttpRequest back to the SP's discovery
> > feed in order to pull in the data it needs to render the UI.
>
> I'm not sure if it's done exactly that way or not, but it's an
> implementation detail.
>
> > So what is the main purpose of "SP requesting EDS to get the list of
> > IdPs"? And why can't the EDS store the same JSON feed information (list of
> > IdPs) for display when the SP is requested?
>
> The EDS is in JavaScript, there's nowhere to "store" the information.
>
> -- Scott
>
> [1] https://wiki.oasis-open.org/security/IdpDiscoSvcProtonProfile
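The redirect flow discussed in this thread, sketched as an added example that is not part of the original messages and is not code from the Shibboleth EDS. Because the request is a plain GET that anyone can construct, the check that matters on the receiving side is whether the `return` URL is one registered for the stated SP before redirecting to it. The parameter names `entityID`, `return` and `returnIDParam` follow the specification linked as [1]; the registry, hosts and function name are constructed for illustration.

```javascript
// Constructed registry: SP entityID -> return URLs accepted for that SP.
// Assumption: in a real deployment these come from each SP's registered metadata.
const REGISTERED_RETURNS = new Map([
  ["https://sp.example.org/sp", ["https://sp.example.org/login/disco-return"]],
]);

// Given the discovery request URL and the IdP the user picked, return the URL
// to redirect the browser back to. Throws if the request names an unknown SP
// or a return URL that is not registered for it.
function buildDiscoveryResponse(requestUrl, chosenIdp) {
  const query = new URL(requestUrl).searchParams;
  const spEntityId = query.get("entityID");
  const returnParam = query.get("return");
  // Name of the parameter that carries the chosen IdP back; defaults to "entityID".
  const idParam = query.get("returnIDParam") || "entityID";

  const allowed = REGISTERED_RETURNS.get(spEntityId);
  if (!allowed) throw new Error("unknown SP entityID");
  if (!returnParam) throw new Error("missing return parameter");

  // Parse before comparing so userinfo tricks and dot-segments are normalised.
  const ret = new URL(returnParam);
  // Scheme, host, port and path must match exactly; the SP may carry its own
  // query string (for example a target), which is preserved.
  if (!allowed.includes(ret.origin + ret.pathname)) {
    throw new Error("return URL not registered for this SP");
  }
  ret.searchParams.set(idParam, chosenIdp);
  return ret.toString();
}

// Constructed sample request, as the SP would issue it with an HTTP GET.
const SAMPLE_REQUEST =
  "https://ds.example.org/eds?entityID=" +
  encodeURIComponent("https://sp.example.org/sp") +
  "&return=" +
  encodeURIComponent("https://sp.example.org/login/disco-return?target=abc");

console.log(buildDiscoveryResponse(SAMPLE_REQUEST, "https://idp.example.edu/idp"));
```
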