Alistair,
>I presume the fed doesn't have a SAML2 IdP Discovery Profile Cookie
>Monster? Where a shared domain cookie bypasses the WAYF?
I'm not sure what you mena by this, but you may want to be aware of
https://bugs.internet2.edu/jira/browse/SDSJ-3
> Does the federation WAYF support SAML2 profiles? i.e. will it pass on
> what's POSTed to it? as opposed to what it GETs when using Shibboleth.
The federation is just that. It does not support the discovery protocol. I
believe that a new service which supports the IdP Discovery Service
(http://www.oasis-open.org/committees/download.php/28049/sstc-saml-idp-discovery-cs-01.pdf)
is due out real soon now. I'm sure that you'll be notified. Meanwhile if
you want to test against something pretty similar to this can you contact me
OOB?
However, "Discovery" is a difficult word in SAML since it is over-employed.
This is *not* WS-Discovery , now is it section 4 of
http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf...
> int 80h
Move of an "int 03h" man myself...
|