Perl 6 - the future is here, just unevenly distributed

IRC log for #shibboleth, 2015-05-15

| Channels | #shibboleth index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
16:53 ysth joined ##shibboleth
16:56 ysth SaaS that needs to allow different customers to use different IdPs/discovery services for their urls; I'm not finding good examples
17:02 ysth I see content settings that might help; requireSessionWith and different SessionInitiators doesn't seem to be right per https://issues.shibboleth.‚Äčnet/jira/browse/SSPCPP-422
17:04 ysth I'm not sure if entityID/discoveryURL have the same problem, and not sure what kind of SSO/SessionInitiator to specify if I would always be using one of those content setting anyway
18:03 ysth for now I'm using requireSessionWith and, if the session is from an idp that doesn't match, redirecting to /Shibboleth.sso/Logout?return=<same url> to try again with the right IdP/discovery service
18:03 ysth but this requires me to whitelist all the IdPs a given discovery service can be expected to return :(
18:25 pdurbin :(
18:32 ysth any ideas?
18:35 ysth https://wiki.shibboleth.net/confluence/d‚Äčisplay/SHIB2/NativeSPApplicationOverride tantalizingly says "Here are some use cases that usually do NOT require an additional application be defined:
18:35 ysth use of a particular IdP or discovery service based on the resource
18:35 ysth use of different credentials (e.g., certificates) with different IdPs
18:35 ysth customized error handling
18:35 ysth Some of those use cases did require additional application definitions in older versions, but now there are a variety of enhanced options available via content settings. Instead of creating a bunch of extra XML configuration, you can simply set properties using Apache or the <RequestMapper> based on the virtual host or path, and change which IdP gets used (entityID) or change many other behaviors.
18:35 ysth "
18:35 ysth as if this were a solved problem, but doesn't provide any information as to what the solution might be

| Channels | #shibboleth index | Today | | Search | Google Search | Plain-Text | summary