[wsf-dev] ECP test harness
sampo at symlabs.com
Thu Mar 13 15:48:07 PDT 2008
Scott Cantor wrote:
>> I was going to send this email to Scott, but I guess I'm looking for
>> help in general, not just targeting Scott.
>
> That's good, because you're at the end of my ability to help. I don't have
> an IdP to give you, and until you/we/somebody defines the HTTP/SOAP
> authentication process you're expecting to use, nobody can have one to
> give you.
Are you saying an ECP-enabled IdP is infeasible until those prerequisites
are met?

I beg to disagree: all SAML 2.0 certified IdPs already have the
support. The authentication part is unspecified by SAML 2.0, but
certainly straightforward doable.

The Symlabs IdP instance Asa has been testing against has such support
without any change in configuration.

Cheers,
--Sampo

>> to url (taken from IDPEntry providerID) https://idp.example.org/shibboleth
>
> I suspect it's a quirk of the dummy configuration on that SP that it's
> embedding an IdP to use in the request. Normally there probably wouldn't be.
>
>> and I get a 404 response ... is this just because the IdP is not set up
>> right, or because I'm doing something wrong ...
>
> What IdP? That's not a real name, any more than sp.example.org is. If you
> have an IdP that's willing to call itself by that entityID (much as that
> SP is), then you can map a /etc/hosts entry to it, but otherwise, not.
>
>> NOTE: I was expecting to get a 'Loc' attribute from the IDPEntry node ...
>> and in other places I have seen other variants ... anyone have an IdP to
>> test the ECP against?
>
> I wouldn't expect to get an IDPEntry period. That's a bonus if you get one.
>
>> NOTE #2: Am I supposed to have an IdP url cached on the ECP plugin side
>> (by providerID) or get it from the user or UserAgent?
>
> You need to provision the plugin with the information it will need for
> each IdP the user wants to pick from. Primarily the endpoint, I don't know
> offhand if anything else will be crucial, possibly not.
>
> You could do this many ways, loading in SAML metadata being the most
> generic long-term.
>
> -- Scott
>
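
One way to provision an ECP client from SAML metadata, as suggested in the quoted reply above (an added example, not code from this thread or from any product mentioned in it). It assumes the IdP publishes its ECP endpoint as a `SingleSignOnService` with the SAML 2.0 SOAP binding; the sample metadata, the `/sso/ecp` location and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# Constructed sample metadata for the thread's placeholder entityID; the
# Location URLs are hypothetical. Real metadata should be signature-verified
# and come from a trusted source before it is loaded.
SAMPLE_METADATA = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <EntityDescriptor entityID="https://idp.example.org/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                        Location="https://idp.example.org/sso/redirect"/>
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                        Location="https://idp.example.org/sso/ecp"/>
  </IDPSSODescriptor>
 </EntityDescriptor>
</EntitiesDescriptor>"""

def load_ecp_endpoints(metadata_xml):
    """Map entityID -> SOAP-binding SingleSignOnService Location (https only)."""
    endpoints = {}
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        for sso in entity.iter(MD + "SingleSignOnService"):
            loc = sso.get("Location", "")
            if sso.get("Binding") == SOAP_BINDING and urlsplit(loc).scheme == "https":
                endpoints[entity.get("entityID")] = loc
                break
    return endpoints

def resolve_idp(idp_entry_xml, endpoints):
    """Return the provisioned endpoint for an SP-supplied IDPEntry, or None."""
    entry = ET.fromstring(idp_entry_xml)
    if entry.tag != SAMLP + "IDPEntry":
        return None
    provisioned = endpoints.get(entry.get("ProviderID"))
    loc = entry.get("Loc")
    # The ProviderID is an entityID, not a URL to POST to. A Loc hint from
    # the SP is accepted only if it matches what was provisioned locally.
    if provisioned is None or (loc is not None and loc != provisioned):
        return None
    return provisioned
```

The user's credentials only ever go to an endpoint the plugin was provisioned with; an `IDPEntry` naming an unknown IdP, or carrying a `Loc` that differs from the metadata, resolves to nothing.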