
Re: Shibboleth 2 IdP compatibility



Unless you already integrated, can you send me the schema and I'll
integrate it.

Cheers,
--Sampo

Eric Rybski wrote:
> Hi,
>    I'm trying to connect a zxid 0.32-based SP to a Shibboleth 2.1 IdP
> (https://www.testshib.org).  The metadata
> (https://idp.testshib.org/idp/shibboleth) for this instance implements
> namespaces which zxid does not currently support, like
> "urn:mace:shibboleth:metadata:1.0".
>
> I've been following documentation for adding new namespaces:
>
> http://www.zxid.org/html/README.zxid-17README_zxid-CreatingNewInterfacesUsingZXIDMethodology.html
>
> I'm now at step 2: manual tweaking of SG files.  I'm not sure I'm modifying
> files correctly, as I don't have clear examples as to how the SG results
> should look given different XML cases (primarily steps 2.2 and 2.3). It's
> also unclear whether I need to make any changes specific to step 2.1.
>
> For example:
>    - As per step 2.3, I changed one occurrence of
> @xml:lang?
>
> to:
> @xml:lang? -> %xs:string  #@xml:lang vs. @lang   ***".
>
>    - As per step 2.2, I changed:
> %SiteGroupType:
>     shib:OriginSite
>  |   shib:DestinationSite
>  |   shib:SiteGroup
>
> to:
> %SiteGroupType:
>     shib:OriginSite
>     shib:DestinationSite*
>     shib:SiteGroup*
>
> given XML definition:
>         <sequence>
>             <choice maxOccurs="unbounded">
>                 <element ref="shib:OriginSite"/>
>                 <element ref="shib:DestinationSite"/>
>                 <element ref="shib:SiteGroup"/>
>             </choice>
>             <element ref="ds:Signature" minOccurs="0"/>
>         </sequence>
>
>
> Are these accurate modifications?  I've attached copies of the unmodified
> (no manual tweaks) .sg files I generated, as well as the original XSD
> files, for reference.
>
>    If anyone has more experience building "correct" .sg files, I'd greatly
> appreciate help getting these SG files updated.  Once correctly modified,
> perhaps these could also be included in the zxid distribution for
> out-of-the-box compatibility with Shibboleth 2 identity providers.
>
> Note: The archive also includes my modified xsd2sg.pl, as there were a few
> elements, attributes, and syntax constructs implemented in the Shibboleth
> XSD files that were not being handled.
>
> Regards,
> Eric
>
> [demime 1.01d removed an attachment of type application/zip which had a
> name of shib_2.2.1_sg.zip]