How-to build a custom federation

romain.dauby at orange.com
Thu Sep 17 05:20:12 EDT 2015


On 17/09/2015 10:53, Peter Schober wrote:
> A.k.a. you brought the complexity of more than 1 IDP upon yourself.
>
> An alternative would have been to make a copy of the old prod IDP,
> assign it a different IP address and access it from your workstation
> via a tuned DNS resolver config (/etc/hosts or equivalent).
> That should allow you to use the cloned instance with all the existing
> SPs, without involving them.
> Then update the cloned IDP to v3 according to the v2-to-v3 update docs
> and test, configure, test until it works as desired.
> Finally, replace the prod IDP with the clone. Always keeping the
> entityID, so not needing to involve SPs.
We needed an IDPv3 for technical issues in a new product. And we are
going to migrate other SPs to this new IDPv3 without service
interruption. But we have lots of SPs, so it'll take a long time (we plan
about 6 months or more).

So it's a comfort if users don't need to click on something to log in to
all SPs regardless of the IDP. But I understand your answers :)
Sorry if I wasn't specific enough.

-- 


*Romain DAUBY*
Ingénieur d'Etudes SI

