On 6 Oct 2014, at 12:52, Sam Hartman <[log in to unmask]> wrote:
> How would you feel about removing from default and saying that people
> should add this if they want it?
>
> I'm starting to feel that SAML assertion is showing its age?
Happy for it not to be in the config of the actual packages we distribute, but I think it would be good to keep it in there on the livedvd if poss - just to make testing SSH have one fewer complicated step to perform.
Quick Q about the new FR sites configs:
1) Am I right in thinking that abfab-tls is setting up FR to listen for RadSec connections and looking for the corresponding keys in its key db when connections come in, and then once that’s sorted it sends control to the abfab-tr-idp config?
2) abfab-tr-idp config then handles authenticating users.
So if you were just setting up an RP Proxy that was going to connect to a TR, you’d still have to enable the abfab-tls and abfab-tr-idp configs? If so, shouldn’t abfab-tr-idp just be abfab-tr? Just to lessen a source of potential confusion for those deploying an RP Proxy who get confused having to enable IdP things.
Or am I misunderstanding something?
Rhys.
--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet, the UK's research and education network
email: [log in to unmask] / [log in to unmask]
GPG: 0x4638C985