Blackboard Transact & IDP 3.x

Powell, Alan powela at
Fri Apr 8 14:27:08 EDT 2016

On the bright side, Ive learned more about Shibboleth configuration in the
last month than I did in the three years Ive been running an IDP - Ive
never had any issue with integrating with any of the other six vendor
products we use; it¹s usually effortless.

At any rate, since its clear the 443 requirement is hogwash, I switched
to 8443 and got rid of the p:encryptAssertions=³false² in <bean
parent="SAML2.AttributeQuery" /> and works fine. One less thing to bite me
with another integrationŠ

>Message: 4
>Date: Fri, 8 Apr 2016 15:44:59 +0000
>From: "Cantor, Scott" <cantor.2 at>
>To: Shib Users <users at>
>Subject: RE: Blackboard Transact & IDP 3.x
>	<9846A6064BD102419D06814DD0D78DE1128B3C03 at>
>Content-Type: text/plain; charset="us-ascii"
>> I missed your earlier response. I am indeed running it over port 443
>> now that you mention, it it explains why I needed to do it when others
>> seemingly did not. The original document Blackboard provider for using
>> Shibboleth insisted you use port 443 (Im not suggesting that makes sense
>> but it was in their document)
>Thanks. This thing is really something.
>I don't really know if what you're doing is secure, or not, but I guess
>it must be authenticating that query somehow for your release policy to
>be working. Maybe it's signing the query.
>What it's doing is assuming that because you're using 443, you're not
>doing mutual TLS with the SP, and so there's no MITM protection for the
>data. So it encrypts it by default and treats it as a non-confidential
>channel. That's a feature in V3 that's designed to start migrating people
>to using the front channel port for back channel requests without losing
>-- Scott

More information about the users mailing list