shibboleth vs those "other" idps

Cantor, Scott cantor.2 at
Mon May 18 08:28:33 EDT 2015

On 5/15/15, 2:04 PM, "Kirk Turner-Rustin" <ktrustin at> wrote:

>We've only just started, but so far, in general, everything that we've 
>had complete control over in-house via access to source code, config 
>files, etc. has gone well, even with the steep learning curve (I 
>started work on implementing IdP v3 in mid-February, knowing nothing 
>about federation, SAML, etc. and juggling other big projects at the 
>same time, and I'm far from expert now). Everything that has relied on 
>support from third-party commercial vendors has been painful at best.

That's nice to hear, if sadly exactly what I have generally been told by 
virtually everybody without a vested interest in propping vendors.

That said, your perspective is a fresh one that we don't get access to as 
often as the long-time deployers, and it would be useful to hear any 
feddback on the weakest areas of our documentation or configuration 
because it's very hard to separate from the material after 15+ years.

>BTW, thank you, Scott and team for scripted attributes!

Note that most of the V3 machinery has scripted counterparts 
(conditions/predicates, functions) if you prefer that mode.

-- Scott

More information about the users mailing list