Storing persistentId using an HTTP DataConnector
spfma.tech at e.mail.fr
Wed Nov 9 14:44:18 UTC 2022
Hi,

We need an IdP because we use some federated services, and since yesterday I was able to get at least two names for sure. But we are not offering any service to other parties, so we don't have any SP to manage (but in the future, who knows?).

Right now I am just trying to have our IdP3 migrated to IdP4, with everything useful working and maybe some useless or bad things too. But if there is a way to get rid of the database, I am interested.

Someone in the previous team seems to have followed a PDF document (now unavailable, I was able to find the title of a dead link) around seven years ago, about the importance of providing a PersistentID. Most probably it was also some kind of recipe and this person followed it. But according to the way it has been implemented, the database is running on the IdP3 and no other host is allowed to connect. So I doubt it is managed by any human or any kind of script. It's an "appliance" server almost nobody has access to (except us admins).

I will keep on investigating, but maybe it is useless (no one cares about revoking or updating anything) and I could use another, more futureproof, way of providing a persistent ID.

What is wrong with pairwiseId? In some docs I have read it's almost depicted as the future, superseding persistent IDs used so far. That's why I took a further look at it. But I don't have enough knowledge about these concepts yet to have a clear opinion about them.

Thanks for the tip. Testshib is no more, but I am sure I will be able to find useful information from there.

Regards
On 09-Nov-2022 14:18:55 +0100, cantor.2 at osu.edu wrote:
> We don't have any SP as far as I know. So I am trying to be ready for
> anything and learning with trial/errors.
If you didn't have any SPs to worry about, you wouldn't need an IdP. And if you're really starting from scratch, this is not how to do it. Do NOT support things just because. That goes triple for pairwise ID constructs. Stop, undo, get rid of all of it, until you know what you're doing and why.
Deploy what you require, when you're ready to support it.
> Is there some tool a bit like "aacli" but able to mimic some kind of "dummy SP"? Only sending forged SAML requests and getting the
> responses, just for debug and learning purposes.
There's testshib.
-- Scott