From brettmcdowell at gmail.com Wed Apr 2 06:39:08 2008 From: brettmcdowell at gmail.com (Brett McDowell) Date: Wed, 2 Apr 2008 09:39:08 -0400 Subject: [wsf-dev] [DataPortability-Public] Re: What's happening at OpenSocial? In-Reply-To: <47F2B1E7.9090904@gmail.com> References: <8ca3fbe80804010806w62361c0fmc7fb4f36d4b8e251@mail.gmail.com> <73766b160804010823jfc4f17bu363b9c01395e6acf@mail.gmail.com> <8ca3fbe80804010845i4916b9ccldc212d36d97318be@mail.gmail.com> <8ca3fbe80804011433o49a8498jfc4d1d63c4b20146@mail.gmail.com> <47F2B1E7.9090904@gmail.com> Message-ID: Given the decision of the Steering Committee last night, I would suggest we kick-off an "experiment" using Liberty's People Service to support this use case. We have some Java library implementations of People Service at www.openliberty.org as a starting point. Is anyone interested in working on this project? Can someone help me figure out how to best leverage the DP wiki to document this as an official "experiment"? Brett McDowell | Liberty Alliance | vCard| Calendar On Tue, Apr 1, 2008 at 6:06 PM, Paul Madsen wrote: > > Hi Anders, it was your exact use case (even to the names of Alice & Bob, > although a Tony was also hanging around ) that drove the specification > of the Liberty People Service > > - http://connectid.blogspot.com/2008/01/what-about-bob.html > - > > http://connectid.blogspot.com/2006/01/liberty-people-service-for-group-based.html > - > > http://www.projectliberty.org/liberty/content/download/890/6246/file/liberty-idwsf-people-service-v1.0.pdf > > paul > > anders conbere wrote: > > On Tue, Apr 1, 2008 at 2:19 PM, Julian Bond > wrote: > > > >> anders conbere Tue, 1 Apr 2008 08:45:55 > >> > >> > >>> I'm not saying that I think that these tools by google were /bad/ > >>> > >> >ideas, I just think that their short comings should be talked about. > >> >It's /nice/ that I can build an facebook like app that works across > >> >any social network that supports the Open Social API's, but it sucks > >> >that I can't connect to users in another social network from with in > >> >it. I'm still bound to the social network I chose, entry and exit > >> >still aren't free. And I propose that they should be. > >> > >> Anders, OpenSocial is not just the gadget and container APIs. It's > also > >> the Data APIs and I believe these are intended to include (optional) > >> insert, update and delete methods. What is it in the APIs you think is > >> missing to do what you want? > >> > > > > What I want most of all (if insert, update and delete methods are > > included) is a way to bridge communication between networks. I want to > > be able to build an application (like a facebook app), that allows > > Alice in flickr to share photos with Bob in picassa. As far as my > > reading of the OpenSocial api (admittedly only when it first came > > out), the open social platform has only been about build apps on top > > of existing networks. It had no way to uniquely reference users across > > networks. > > > > Now I can imagine that the reason behind this is that the big networks > > would never support a tools that began to limit the power of their > > vendor lock in. But to me that's one of the big problems in the social > > networking space. > > > > So the solutions thus far have involved "exporting the user data as > > xfn or foaf", which is not really that great because now I get a > > static copy of my friends from one network in another, and the tools > > for re-aggregation and or pinging changes back just aren't there / are > > too much work to bother with. > > > > Not to mention serveral different services all with the same copy of > > my relationship data seems ... wasteful. To me this is something that > > XMPP provides with their roster tools, and I can imagine solving with > > FOAF plus some web services. Centralized stores of data in > > decentralized networks with the ability to update themselves > > dynamically to attempt to preserve some of the immediacy of human > > interaction. > > > > ~ Anders > > > > > > > >> -- > >> > >> Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 > >> Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 > 433 > >> Personal WebLog: http://www.voidstar.com/ > skype:julian.bond?chat > >> Contains Small Parts > >> > >> > >> > >> > > >> > >> > > > > > > > > > > > -- > Paul Madsen e:paul.madsen @ gmail.com > p:613-482-0432 > m:613-282-8647 > aim:PaulMdsn5 > web:connectid.blogspot.com > > > --~--~---------~--~----~------------~-------~--~----~ > You received this message because you are subscribed to the Google > Groups "DataPortability.Public.General" group. > To post to this group, send email to > dataportability-public at googlegroups.com > To unsubscribe from this group, send email to > dataportability-public-unsubscribe at googlegroups.com > For more options, visit this group at > http://groups.google.com/group/dataportability-public?hl=en > For additional information, please visit: > http://www.dataportability.org/ > -~----------~----~----~----~------~----~------~--~--- > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080402/f78d908e/attachment.html From pwilliams at rapattoni.com Sat Apr 26 23:56:39 2008 From: pwilliams at rapattoni.com (Peter Williams) Date: Sat, 26 Apr 2008 23:56:39 -0700 Subject: [wsf-dev] ECP plugin build/execute feedback Message-ID: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> Using instructions at http://openliberty.org/wiki/index.php?title=ECP_Plugin_Documentation&action=edit, I have the capability to now mostly build the ECP extensions, but have not succeeded to run the ECP plug-in on windows2008 Enterprise Edition. Some pretty raw feedback follows:- Windows does not have a shell to build .sh file scripts, or a zip command. Perhaps, only Eclipse tools (or tool extensions) should be used to build the project to maintain build portability. I had almost no modern personal context on any of the browser/toolchain, but followed steps 1-4 quite easily Eclipse 3.2 for Java/EE Web Tools latest XUL tool chain latest SVN src control plugin. To practice a little with Firefox (Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14) and get a basic orientation, I installed the "sxipper" commercial-grade plugin, learning to install/use it on an openid site (where it did fine). Step 5 was a little more difficult, given I have no recent context in Eclipse or its whole UI concept for the IDE. I did use the IBM JCOP Eclipse for building javacard firmware 3 years ago, and thus half-figured/half-remembered XUL project making/running out, by analogy. I think I figured things out to about 90% completion; but build documentation was just lacking (for a complete novice in this highly technical toolchain). Step 6 is confusing. I created a txt file (I called it "foo.txt") in C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\81ecn5k5.default. There is no subdirectory there called plugins, note well - taking a hint from the wiki notes. In the .txt file, I typed one line - a DOS file path to my eclipse workspace/sub-directory wherein lie various files - exactly as checkedout from the SVN repository. The line is "C:\Users\Administrator\workspace\saml2_ecp at openliberty.org", at which directory there are several files, including saml2_ecp at openliberty.org.xpi - No local build has completed (lacking sh(1) and zip(1) - or alternative instructions) I do note that the src file :install.rdf" (that updated_package.sh would zip up into the xpi file along with other resources) has a {GUID} in its ID field. This seems to counter the counsel of the wiki that seems to want the GUID replaced by the string saml2_ecp at openliberty.org. Selecting the extension project root, and Launching the Firefox Launcher does launch Firefox, and allows selection of the default profile. Its not clear the extension is being loaded however, and no ECP add-on appears in the list of add-ons, under Tools. The notes might want to suggest an SP site, with which to make a trial - and/or define a means to know at least that the extensions is at least loaded into Firefox. _________________________ Peter Williams Chief Information Security Officer Mobile (805) 416-6305 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080426/0bd655f1/attachment-0001.html From peter.openliberty at zenn.net Mon Apr 28 11:19:42 2008 From: peter.openliberty at zenn.net (Peter Pritchard) Date: Mon, 28 Apr 2008 14:19:42 -0400 Subject: [wsf-dev] ECP plugin build/execute feedback In-Reply-To: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> Message-ID: <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> Sorry about the docs ... I will update them soon ... So I built the final .xpi file, so we no longer have to use eclipse to launch the extension On Apr 27, 2008, at 2:56 AM, Peter Williams wrote: > Using instructions at http://openliberty.org/wiki/index.php?title=ECP_Plugin_Documentation&action=edit > , I have the capability to now mostly build the ECP extensions, but > have not succeeded to run the ECP plug-in on windows2008 Enterprise > Edition. > My bad ... I pulled the rug out from under my own wiki installation instructions ... if you have the extension working, it means that you ignored my installation instructions completely ... again ... my bad > Some pretty raw feedback follows:- > Windows does not have a shell to build .sh file scripts, or a zip > command. Perhaps, only Eclipse tools (or tool extensions) should be > used to build the project to maintain build portability. > > I had almost no modern personal context on any of the browser/ > toolchain, but followed steps 1-4 quite easily > > Eclipse 3.2 for Java/EE > Web Tools latest > XUL tool chain latest > SVN src control plugin. > > To practice a little with Firefox (Mozilla/5.0 (Windows; U; Windows > NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14) and get > a basic orientation, I installed the "sxipper" commercial-grade > plugin, learning to install/use it on an openid site (where it did > fine). > > Step 5 was a little more difficult, given I have no recent context > in Eclipse or its whole UI concept for the IDE. I did use the IBM > JCOP Eclipse for building javacard firmware 3 years ago, and thus > half-figured/half-remembered XUL project making/running out, by > analogy. I think I figured things out to about 90% completion; but > build documentation was just lacking (for a complete novice in this > highly technical toolchain). Just make sure to read the two 'Cheat Sheet' items regarding XUL/ Firefox usage ... > > Step 6 is confusing. I created a txt file (I called it "foo.txt") in > C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles > \81ecn5k5.default. There is no subdirectory there called plugins, > note well - taking a hint from the wiki notes. > the extensions/ folder is where to put it ... (below the 81ecn5k5.default/ directory) ... > > In the .txt file, I typed one line - a DOS file path to my eclipse > workspace/sub-directory wherein lie various files - exactly as > checkedout from the SVN repository. The line is "C:\Users > \Administrator\workspace\saml2_ecp at openliberty.org", at which > directory there are several files, including saml2_ecp at openliberty.org.xpi > - No local build has completed (lacking sh(1) and zip(1) - or > alternative instructions) > I will update the wiki for both development-level instructions using Eclipse & XULBooster and also for deployment, using the .xpi file archive. (By Tuesday hopefully) > I do note that the src file :install.rdf" (that updated_package.sh > would zip up into the xpi file along with other resources) has a > {GUID} in its ID field. This seems to counter the counsel of the > wiki that seems to want the GUID replaced by the string saml2_ecp at openliberty.org > . Good point, the 'install.rdf' file reflects the new method of installation: - Checkout the project (anywhere suitable). Then open FireFox and File > Open File ..., navigate the File Chooser to the saml2_ecp at openliberty.org.xpi file ... this will copy all the necessary files into their correct places. ... - (Although it hasn't worked for me yet)(Mac OS X), this url: https://openliberty.svn.sourceforge.net/svnroot/openliberty/SAMLv2/ECP/FirefoxPlugin/trunk/saml2_ecp at openliberty.org.xpi , when opened in Firefox, should start the install process, using the latest version of the plugin ... the apache server HAS added the necessary line to the config file, to map files of type .xpi <--> to the mimeType of application/x-xpinstall. > > Selecting the extension project root, and Launching the Firefox > Launcher does launch Firefox, and allows selection of the default > profile. Its not clear the extension is being loaded however, and no > ECP add-on appears in the list of add-ons, under Tools. When installation is successful, it should appear under Tools, and add a Sidebar toggle item to your main Toolbar. > > The notes might want to suggest an SP site, with which to make a > trial - and/or define a means to know at least that the extensions > is at least loaded into Firefox. This is an obvious, but purposeful omission. This plugin needs to be tested on SPs ... which I myself do not have running. The ECP plugin SHOULD work with any SP/IDP combo which purports to be ECP-compliant. If you have success or failure, please send the test results to me or better yet, to this mailing list. It could very well be that I have some tweaking to do. > > _________________________ > Peter Williams > Chief Information Security Officer > Mobile (805) 416-6305 > _______________________________________________ > Wsf-dev mailing list > Wsf-dev at lists.openliberty.org > http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080428/23c7c489/attachment.html From pwilliams at rapattoni.com Mon Apr 28 12:02:25 2008 From: pwilliams at rapattoni.com (Peter Williams) Date: Mon, 28 Apr 2008 12:02:25 -0700 Subject: [wsf-dev] ECP plugin build/execute feedback In-Reply-To: <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl>, <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> Message-ID: Copy of email sent to shibboleth-users group follows, on making shib2 package act as an ECP/PAOS-capable SP (to generate the EnvelopedAuthRequest, at least) in Windows/IIS. Not clear the shib exploder has distributed the original mail from Saturday, so its included here. My plan is thus : 1. wait till to Wed to try building/launching again the ECP plugin 2. run it against my working IIS7/Shib2 SP 3. have to talk to PingFederate 5.02 as IDP, using SAML2.SOAP binding. (3) seems the part most at risk now, as I'm not sure I can get PingFed to issue a SOAP response that has the Enveloped form required by tjhe ECP proxy. Ill play tho. Ping are unsupportive on all this work (and wont even release hints); so its trial and error, for me. T&D may well fail, and I may have to go build the Shib2 Java IDP, to compensate. Peter W. --------------------- To allow IIS7 (via the shib_isapi handler) to invoke the NativeSP in "handler" mode (so Shib2 act as a layer 5 protocol engine, rather than web-session middleware) and then support a trial generting a SAMLRequest using ECP and PAOS, I did the following 1. in isapi src, alter code lines as follows A pair res = stf.getServiceProvider().doAuthentication(stf, true); // note true for 2nd parm B dynabuf handlervar(256); // define val as global, and have CRT static alloc space C GetHeader(pn,pfc,"url",handlervar,256,false); // add line to ShibTargetIsapiF constructor, after existing GetHeader(url). Fast hack to store inbound querystring as global char* in handlervar D // The filter never processes the POST, so stub these methods. const char* getQueryString() const { return (char*)handlervar; // implement using nasty hack, for use by CGIReader // throw IOException("getQueryString not implemented"); // comment away not implemented throw } 2. in isapi src, comment out any undesirable, "non protocol" features g_Config->setFeatures( SPConfig::Listener | // SPConfig::Caching | //disable caching support in library SPConfig::RequestMapping | SPConfig::InProcess | SPConfig::Logging | SPConfig::Handlers ); 3. In a shibboleth2.xml SP config file generated by TestShib harness, ensure default SessionInitiator has (undocumented) attribute ECP="true" . Invokes protocol engine for layer 5 S-SDU/initiate, in raw mode. https://win8pw.rapattoni.local/Shibboleth.sso/TestShib?applicationId=default&providerId=none 5. Ensure HTTP Request has conforming http request headers (taken verbatim from SAML2 documentation/latest-errata) Accept: text/html; application/vnd.paos+xml PAOS: ver="urn:liberty:paos:2003-08" ; "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" Unless I missed some of my code hacks, this produces a trial as follows. Since this is the first time in 12 months of trying with 3 windows products that I've got this far with ECP ...Im pretty happy with Shib2! Thanks! GET /Shibboleth.sso/TestShib?applicationId=default&providerId=none HTTP/1.1 Accept-Language: en-us,en-securid UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 3.5.21022) Connection: Keep-Alive Host: win8pw.rapattoni.local Accept: text/html; application/vnd.paos+xml PAOS: ver="urn:liberty:paos:2003-08" ; "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Content-Type: application/vnd.paos+xml Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Sat, 26 Apr 2008 22:30:38 GMT Connection: close Content-Length: 1515 https://win8pw.rapattoni.local/shibboleth-sphttps://win8pw.rapattoni.local/shibboleth-sp _________________________ Peter Williams Chief Information Security Officer Mobile (805) 416-6305 From: Peter Williams Sent: Sat 4/26/2008 1:11 PM To: shibboleth-users at internet2.edu Subject: RE: TestShib not responding to ACSURL I've moved on in my experiment (changing Shib2 code to suit), hopefully exploiting a response on a different thread. It noted that one can initiate a (SAML2) protocol handler using URIs of the form: -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080428/3dab6ef1/attachment-0001.html From cantor.2 at osu.edu Mon Apr 28 12:10:50 2008 From: cantor.2 at osu.edu (Scott Cantor) Date: Mon, 28 Apr 2008 15:10:50 -0400 Subject: [wsf-dev] ECP plugin build/execute feedback In-Reply-To: References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> Message-ID: <02b601c8a963$94e0dc40$bea294c0$@2@osu.edu> > To allow IIS7 (via the shib_isapi handler) to invoke the NativeSP in > "handler" mode (so Shib2 act as a layer 5 protocol engine, rather than web- > session middleware) and then support a trial generting a SAMLRequest using > ECP and PAOS, I did the following None of that is necessary, Shibboleth is easily able to issue requests with a simple get to /Shibboleth.sso/Login. > 4. Invoke trial usin tool like curl(1) ...using GET to induce protocol run, > where providerId parameter is demonstrably set to "none" to showcase the ECP > scenario. That means you want to use the IdP named "none". You want to omit it altogether. (The I2 lists are down, that's why your message hasn't made it yet. If you're having problems with the SP that required you to change the code, just ask directly until the list is up.) -- Scott From pwilliams at rapattoni.com Mon Apr 28 12:31:59 2008 From: pwilliams at rapattoni.com (Peter Williams) Date: Mon, 28 Apr 2008 12:31:59 -0700 Subject: [wsf-dev] ECP plugin build/execute feedback In-Reply-To: <02b601c8a963$94e0dc40$bea294c0$@2@osu.edu> References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> , <02b601c8a963$94e0dc40$bea294c0$@2@osu.edu> Message-ID: Wonderful that there is an easy way! I just read the code, fiddled step by step till it did something sensible. At least I now understand handler mode much better, so SAML/ShibSP itself becomes service operating on its own host supporting a cluster of webapps. Q: is there any way via query-string to populate the IDPList with >1 entry? In terms of my own ECP client (for post WAP1 era usages) there is only 1 agenda with 3 components, which I trust can merge with other folks efforts:- 1. Nominally, the proxy will be the generator of the AuthnResponse. How it generates/signs this blob is a blackbox issue for the SP. 2. In fact, my own proxy will leverage a data server (from a realty open standard peculiar to US Realty) that looks and functions a bit like a SemWeb SPARQL server, listening for data queries on some or other URI binding. 3. The data servers already operate their own secure chaining model. Thus, the ECP proxy can be seen as an aggregator of SAML assertions that said chaining parties provide, and will act as the ultimate signer of the AuthnResponse. >From the std, the ECP proxy is obligated to restrict which SAML assertions it puts into a Response, and from which (single) source. In a second phase, I will then play with ECP/SAML2 proxying in its own right, trying to take from the WAP1 roaming world whats useful to carry forward to today. _________________________ Peter Williams Chief Information Security Officer Mobile (805) 416-6305 From: Scott Cantor Sent: Mon 4/28/2008 12:10 PM To: 'Peter Williams'; wsf-dev at lists.openliberty.org Subject: RE: [wsf-dev] ECP plugin build/execute feedback > To allow IIS7 (via the shib_isapi handler) to invoke the NativeSP in > "handler" mode (so Shib2 act as a layer 5 protocol engine, rather than web- > session middleware) and then support a trial generting a SAMLRequest using > ECP and PAOS, I did the following None of that is necessary, Shibboleth is easily able to issue requests with a simple get to /Shibboleth.sso/Login. > 4. Invoke trial usin tool like curl(1) ...using GET to induce protocol run, > where providerId parameter is demonstrably set to "none" to showcase the ECP > scenario. That means you want to use the IdP named "none". You want to omit it altogether. (The I2 lists are down, that's why your message hasn't made it yet. If you're having problems with the SP that required you to change the code, just ask directly until the list is up.) -- Scott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080428/070700c4/attachment.html From cantor.2 at osu.edu Mon Apr 28 12:39:40 2008 From: cantor.2 at osu.edu (Scott Cantor) Date: Mon, 28 Apr 2008 15:39:40 -0400 Subject: [wsf-dev] ECP plugin build/execute feedback In-Reply-To: References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> <02b601c8a963$94e0dc40$bea294c0$%2@osu.edu> Message-ID: <02c801c8a967$9acf4660$d06dd320$@2@osu.edu> > Q: is there any way via query-string to populate the IDPList with >1 entry? No, that use case is addressed together with the general "advanced AuthnRequest" bucket. It's a bit ugly, but you basically embed an AuthnRequest inside the SessionInitiator in question and it will use it as a template. -- Scott From pwilliams at rapattoni.com Mon Apr 28 12:54:48 2008 From: pwilliams at rapattoni.com (Peter Williams) Date: Mon, 28 Apr 2008 12:54:48 -0700 Subject: [wsf-dev] ECP plugin build/execute feedback In-Reply-To: <02c801c8a967$9acf4660$d06dd320$@2@osu.edu> References: <2D061336-9B35-48D7-84B2-F0301A9F6B7C@mimectl> <951AB4B7-B595-4275-B196-714CE6B6E600@zenn.net> <02b601c8a963$94e0dc40$bea294c0$%2@osu.edu> , <02c801c8a967$9acf4660$d06dd320$@2@osu.edu> Message-ID: <7301D050-CD0A-4FB0-AFF7-C2531AA57E71@mimectl> Ok. I will make a PDU by hand: an SAML2.AuthnRequest encoded in XML. Then I will put this presentation data value into the SPCONFIG file on the default SessionInitiator, flagging that its a "template" PDU. Thus, the message on the wire derived from said template will carry forward the subordinate protocol elements (e.g. IDPList, ACSURL). NB: I had been wondering, architecturally, if a chaining provider (of SAML2.SessionInitiators, the subset with ECP=true attribute) would be the way that Shib2 would address this issue. Seemed a cute idea, at least. _________________________ Peter Williams From: Scott Cantor Sent: Mon 4/28/2008 12:39 PM To: 'Peter Williams'; wsf-dev at lists.openliberty.org Subject: RE: [wsf-dev] ECP plugin build/execute feedback > Q: is there any way via query-string to populate the IDPList with >1 entry? No, that use case is addressed together with the general "advanced AuthnRequest" bucket. It's a bit ugly, but you basically embed an AuthnRequest inside the SessionInitiator in question and it will use it as a template. -- Scott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080428/1f9bee84/attachment.html From pwilliams at rapattoni.com Tue Apr 29 13:01:08 2008 From: pwilliams at rapattoni.com (Peter Williams) Date: Tue, 29 Apr 2008 13:01:08 -0700 Subject: [wsf-dev] FW: ECP plugin build/execute feedback Message-ID: <943BD362-582D-4CD7-960F-5C7D2285B571@mimectl> An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080429/d416d725/attachment.html