[wsf-dev] ECP test harness

[Scott Cantor]

> I was going to send this email to Scott, but I guess I'm looking for help
in
> general, not just targeting Scott.

That's good, because you're at the end of my ability to help. I don't have
an IdP to give you, and until you/we/somebody defines the HTTP/SOAP
authentication process you're expecting to use, nobody can have one to give
you.

> to url (taken from IDPEntry providerID )
https://idp.example.org/shibboleth

I suspect it's a quirk of the dummy configuration on that SP that it's
embedding an IdP to use in the request. Normally there probably wouldn't be.

> and I get a 404 response ... is this just because the IdP is not set up
> right, or because I'm doing something wrong ...

What IdP? That's not a real name, any more than sp.example.org is. If you
have an IdP that's willing to call itself by that entityID (much as that SP
is), then you can map a /etc/hosts entry to it, but otherwise, not.

> NOTE: I was expecting to get a 'Loc' attribute from the IDPEntry node ...
> and in other places I have seen other variants ... anyone have an IdP to
> test the ECP against?

I wouldn't expect to get an IDPEntry period. That's a bonus if you get one.

> NOTE #2: Am I supposed to have an IdP url cached on the ECP plugin side
(by
> providerID) or get it from the user or UserAgent?

You need to provision the plugin with the information it will need for each
IdP the user wants to pick from. Primarily the endpoint, I don't know off
hand if anything else will be crucial, possibly not.

You could do this many ways, loading in SAML metadata being the most generic
longterm.

-- Scott