[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: SAML2 Attribute Query and CryptoTransientId
From:       "Cantor, Scott E." <cantor.2 () osu ! edu>
Date:       2011-07-28 22:35:09
Message-ID: CA575BA9.11BF5%cantor.2 () osu ! edu
[Download RAW message or body]

On 7/28/11 5:03 PM, "Tom Poage" <tfpoage@ucdavis.edu> wrote:
>This is what I was using for testing (along with corresponding
>AttributeDefinition):

Ok, just a thought.

>Not a big deal (for me), since we don't use SAML 2 Attribute Query, nor
>Artifact in general.

I don't at all, so it may be there's a bug handling 2.0, though I can't
think why. That code's all far away from any of the SAML version specific
code. I would suggest filing a bug on it for now. I can try it easily
enough once I have a chance.

>That said, we were toying with the idea of reinstating AQ for SAML 1
>(vs. push) cf. the security consideration of pushing unencrypted
>attributes through the client browser (and I've been avoiding Terracotta).

I'm using it now for SAML 1 (we just went production this week).

As an aside, I probably was the last thing resembling a maintainer for the
1.3 IdP, so if somebody out there is still using it, I suggest you find
yourself a sugar daddy to maintain that code.

-- Scott

-- 
To unsubscribe from this group, send email to
users+unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]