Perl 6 - the future is here, just unevenly distributed

IRC log for #shibboleth, 2016-05-23

| Channels | #shibboleth index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
11:59 mckeanbs joined ##shibboleth
12:52 pdurbin joined ##shibboleth
14:03 dstanek joined ##shibboleth
14:04 dstanek not many people here :-)
14:04 dstanek if i have an SP using mod_shib should i have to restart apache to add another IdP? or should i just have to restart shibd?
14:12 pdurbin dstanek: I think restarting shibd is enough. https://demo.dataverse.org​/Shibboleth.sso/DiscoFeed gets updated at least.
14:14 dstanek pdurbin: ok, i'm testing that now. i've had issues with it in the past
14:14 dstanek i was just wondering what to expect
14:17 pdurbin dstanek: do you have to restart apache?
14:17 dstanek pdurbin: i'm creating a new IdP now for testing, but last time I tried I think I did
14:19 dstanek pdurbin: i have a requirement to dynamically add IdPs on the fly via APIs. so i evaluated processing SAML myself vs. editing the config files and restarting
14:20 pdurbin dstanek: from what I understand if you configure shibd with a feed from InCommon you can expect new IdPs to pop in automatically as they join the federation
14:22 dstanek pdurbin: hmmm.. i'm looking at some information about InCommon now...does that mean that IdPs need to use the same cert?
14:22 dstanek pdurbin: is there any good documenation on this?
14:24 pdurbin let me look at what I wrote for https://github.com/IQSS/dataverse/issues/2937
14:24 pdurbin One of the benefits of using shibd is that it can be configured to periodically poll your identify federation for updates as new Identity Providers (IdPs) join the federation you’ve registered with. For the InCommon federation, the following page describes how to download and verify signed InCommon metadata every hour:
14:24 pdurbin https://spaces.internet2.edu/display/InCFed​eration/Shibboleth+Metadata+Config#Shibbole​thMetadataConfig-ConfiguretheShibbolethSP
14:29 dstanek pdurbin: awesome, thx. it looks like i have some reading to do now
14:29 dstanek pdurbin: what manages that XML metadata for the IdPs?
14:30 pdurbin magic
14:31 dstanek i hope now because that means i'm in trouble :-)
14:31 pdurbin aren't we all
14:32 dstanek in that model do the IdPs need to know about each other?
14:33 pdurbin hmm, I don't think so. the SPs need to know about all the IdPs. and the IdPs need to know about all the SPs. I think.
14:36 dstanek and so i would just manage that xml manually through those apis i want to write?
14:48 dstanek pdurbin: oh, you know what. it might have been the attribute map XML and required an Apache restart
15:31 misilot joined ##shibboleth
15:46 mckeanbs joined ##shibboleth
22:51 dstanek_ joined ##shibboleth

| Channels | #shibboleth index | Today | | Search | Google Search | Plain-Text | summary