[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shib2 experiences



I remember someone a while back was asking about Shibboleth2 integration
to zxid.

I have tried this recently and here's what I got:

1. The shib2 metadata extensions are not supported, but in general
   the way zxid ignores them does not seem to be a problem.
2. Must use transient nameid with shib.
3. Signatures from shib2 idp fail to validate due to
   canonicalization problem at either end.

I would like to hear list member's experiences about shib2-zxid
interoperability.

I would also like specific debugging help wrt how to make Shib2 IdP
log the canonicalized version of the assertion, i.e. what was actually
used to compute the sha1 message digest, rather than some pretty
printed or over the wire log.

Cheers,
--Sampo