>>> On 02/12/2009 at 15:37, in message
<[log in to unmask]>, Rhys
Smith <[log in to unmask]> wrote:
>>
>> The bottom line is that users' personalisations will not be lost when
>> that SP talks SAML2 to me rather than SAML1?
>>
>> Please tell me this is so ?!
>
> Caveat: someone please step in and tell me if what I'm about to say is
> wrong...
>
> That's definitely what *should* happen, because the actual hashed value
> created doesn't change, and any personalisation should hang off that
> value, not the format specific value (or should be ready for the change).
> However... can't absolutely guarantee that, because there's no accounting
> for services that might be personalising based on the full old-style
> scoped value rather than extracting the value itself and personalising
> from that. So, it's down to the implementation of the service.
>
> So the answer, is, err, maybe?
>
Thanks Rhys,
That ties in with what I've just been playing with. It's a few weeks since I last set up an SP so I'd forgotten all of the ins and outs (sadly same would be true were it to be yesterday...), but I've just been messing with it: Yes, it's very up to how the individual SP has set it up, attribute-map.xml gives the deployer huge scope for tinkering with what gets delivered to the Apache environment and after that the world is your oyster as to what you can do with the attribute.
So the bottom line to modify slightly what Rhys wrote:
> That's definitely what *could* happen, because the actual hashed value
> created doesn't change,
and definitely *should* happen but there is just the possibility of being shot in the foot. However I am optimistic that this will go OK, I've not heard any anguished cries from anyone who's already done this (Please tell me that this is not because no-one has actually done this on a live service yet!). So yes, I am optimistic this will work :-)
On a slightly related topic, what version of JAVA are folks using with their Shib2 IdPs? I've upped the Tomcat to 6.0.20 but the java on the machine was jdk 1.5.0.14 which was in the supported range so I left it for now. Apache at the front is 2.2.6 and I'm very tempted to leave that as is, but wonder if I should replace the JAVA?
Cheers
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
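
The point discussed above, that personalisation should hang off the hashed value rather than the format-specific string, shown as an added example (not code from anyone in this thread). It assumes the old-style value reaches the application as `value@scope` and the SAML2 value as `IdPEntityID!SPEntityID!value`; the sample identifiers and the `opaque_value` and `rekey` names are constructed for illustration.

```python
# Assumed serialisations (check what your attribute-map.xml actually delivers):
#   old-style scoped : <hashed value>@<scope>
#   SAML2 persistent : <IdP entityID>!<SP entityID>!<hashed value>

def opaque_value(targeted_id: str) -> str:
    """Return the hashed part of a targeted ID, whichever form it arrives in."""
    tid = targeted_id.strip()
    if not tid:
        raise ValueError("empty targeted ID")
    if "!" in tid:
        parts = tid.split("!")
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"malformed SAML2-style targeted ID: {tid!r}")
        return parts[2]
    if "@" in tid:
        value, _, scope = tid.rpartition("@")
        if not value or not scope:
            raise ValueError(f"malformed scoped targeted ID: {tid!r}")
        return value
    return tid  # already the bare hashed value


def rekey(store: dict) -> dict:
    """Re-key a personalisation store from full strings to the hashed value.

    Keying on the bare value assumes hashed values do not collide across
    IdPs; a collision is reported rather than silently merging two users.
    """
    rekeyed = {}
    for old_key, profile in store.items():
        key = opaque_value(old_key)
        if key in rekeyed:
            raise ValueError(f"two stored users share hashed value {key!r}")
        rekeyed[key] = profile
    return rekeyed


# Constructed sample values, not real identifiers.
LEGACY = "x7Pq0cYkQ2hT9vJm4sLrNw8eZbA=@example.ac.uk"
SAML2 = ("https://idp.example.ac.uk/shibboleth!"
         "https://sp.example.org/shibboleth!x7Pq0cYkQ2hT9vJm4sLrNw8eZbA=")

if __name__ == "__main__":
    store = rekey({LEGACY: {"theme": "dark"}})  # keyed on the old full string
    print(store.get(opaque_value(SAML2)))       # same user arriving over SAML2
```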