Some thoughts about Shibboleth (from a deployer point of view)

Cantor, Scott cantor.2 at
Mon Apr 11 09:56:05 EDT 2016

> For example what I found confusing was the fact that LDAP authentication
> Connector properties were handled by properties files, but attribute resolving
> Connector (from the same LDAP) was handled directly in XML.

Actually, they're both set with properties for the most part now, which is something that leads to confusion when people think that the same settings have to be used for both, which is often not correct for their environment.

The main reason the LDAP authentication settings are in properties is because the wiring of those objects is much more complex than the typical cases in the configuration, so it was an attempt to hide some of that complexity. I wanted, and still want, all the specific authentication settings used for a particular login option to be in the XML files. I wanted the properties to be mainly focused on settings that most deployers would need to change or at least consider, and if you're not using LDAP, you shouldn't have to be bothered with those settings.

-- Scott
