Splitting the relying-party.xml

Cantor, Scott cantor.2 at osu.edu
Tue Aug 25 19:00:38 UTC 2020

On 8/25/20, 2:48 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> So, when might we see metadata-driven (or similar) overrides for the OIDC profiles? At present, the big limitation to
> the OIDC implementation is that we can't put tags in metadata that I know of, and there's no facility for tagging clients
> after the metadata is loaded. We've got a set of clients that have different constraints on token lifetime, and it'd be
> great to not have to manually maintain a list of them in a relying party override.

By moving all of it to SAML metadata, basically, same as CAS. There's already an implementation built that can do much more than just tagging (e.g., resolving client secrets with the attribute resolver). [1] We're reviewing the metadata profile internally right now; it's just not published in the wiki yet. Should be soon.

We can probably figure out ways of bridging the formats later; the priority is just making sure the functionality is there, and we already have all of it done for this format without doing extra work.

-- Scott

[1] https://issues.shibboleth.net/jira/browse/JOIDC-5
