* Rod Widdowson [2009-07-28 18:16]:
> That error is usually because you don't have optional_no_ca on your
> apache settings. You'll need to check the log for more details
> because it could just be that you have the wrong certificate being
> used on the SP to open the SOAP port (but this is less likely given
> that encryption works). One of the best reasons to move everyone over
> to SAML2 (in, I'd guess about 10 years :-() is that once everyone
> can do encrypted attribute push we don't need that damned back
> channel for attributes...

One of the reasons the Shib project now only documents Tomcat-solo
deployments. That tiny bit of config for the 8443 vhost (now only to
be found attached to some rather obscure page in the Shib2 Wiki
https://spaces.internet2.edu/download/attachments/5557/shib2idpbeta-apache.conf?version=3
) seemingly was too much...

But I won't hold my breath 'til everyone has switched over to SAML2.
And with SLO over SOAP we won't get completely rid of the backchannel
either, as your well-chosen answer ("for attributes") implies ;)

-peter