On Fri, 21 May 2010, Andy Swiffin wrote:
> ...
>
> The aim of the strategy is to allow you to listen on both Shibboleth 1.3
> and Shibboleth 2 endoints. Rod did this in
> http://www.ukfederation.org.uk/content/Documents/RollingIdPUpgrade by
> adding Shibboleth 2 endpoints to his 1.3 IdP (albeit as /shibboleth-idp/
> rather than the default /idp/ ) then Propagating a metadata change,
> waiting till everyone had moved over to them and then swapping in a 2.1
> IdP also listening on those endpoints.
>
> ...
>
> 2c)
> SP has old metadata
> User goes to SP which directs user to the UK Federation WAYF
> UK Fed Wayf has NEW metadata and sends the user to the 2.1 IdP to authenticate
> SP will look up our ENTITYID in its OLD metadata and then go to 1.3 IdP for attributes
> BUST
Unless I'm missing something (and that's entirely possible, and I'd really
like it if someone could point out what), the same behaviour would surely
be expected of Rod's approach?
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|