
Shibboleth 2 IdP compatibility

   I'm trying to connect a zxid 0.32-based SP to a Shibboleth 2.1 IdP
(https://www.testshib.org).  The metadata
(https://idp.testshib.org/idp/shibboleth) for this instance implements
namespaces which zxid does not currently support, like

I've been following documentation for adding new namespaces:


I'm now at step 2: manual tweaking of SG files.  I'm not sure I'm modifying
files correctly, as I don't have clear examples as to how the SG results
should look given different XML cases (primarily steps 2.2 and 2.3). It's
also unclear whether I need to make any changes specific to step 2.1.

For example:
   - As per step 2.3, I changed one occurrence of

@xml:lang? -> %xs:string  #@xml:lang vs. @lang   ***".

   - As per step 2.2, I changed:
 |   shib:DestinationSite
 |   shib:SiteGroup


given XML definition:
            <choice maxOccurs="unbounded">
                <element ref="shib:OriginSite"/>
                <element ref="shib:DestinationSite"/>
                <element ref="shib:SiteGroup"/>
            </choice>
            <element ref="ds:Signature" minOccurs="0"/>

Are these accurate modifications?  I've attached copies of the unmodified
(no manual tweaks) .sg files I generated, as well as the original XSD files,
for reference.

   If anyone has more experience building "correct" .sg files, I'd greatly
appreciate help getting these SG files updated.  Once correctly modified,
perhaps these could also be included in the zxid distribution for
out-of-the-box compatibility with Shibboleth 2 identity providers.

Note: The archive also includes my modified xsd2sg.pl, as there were a few
elements, attributes, and syntax constructs implemented in the Shibboleth
XSD files that were not being handled.


[demime 1.01d removed an attachment of type application/zip which had a name of shib_2.2.1_sg.zip]