Re: [higgins-dev] Question about higgins SAML interoperability
Yes, John's right about all that.
The Higgins SAML2 IdP (in its default configuration) was made specifically to act as an IdP for Google Apps.
It does support Single Logout, but I don't think it supports any of the other features you asked for.
By default, the Higgins SAML2 IdP uses its own internal special-purpose STS.
It can also be configured to use the "full-featured" Higgins STS instead, which may come closer to your needs.
This however would probably need some help from Mike to set up.
Markus
On Thu, Aug 12, 2010 at 6:20 AM, John Bradley <ve7jtb@xxxxxxxxxx> wrote:
As I recall, the SAML implementation in Higgins was targeted to work with Google.
It would need significant work to come up to SimpleSAMLphp or Shibboleth 2.
Shib 2 has some information card and OpenID support but is looking for people to maintain that.
Especially if you require Kerberos, Shib 2 is probably your best bet.
John B.
On 2010-08-12, at 3:54 AM, Stefano Gargiulo wrote:

- does it support SAML federation metadata in xml?

I just read this:

Configure the SAML2 RP

The saml2idp.test web application project contains the following files in the WebContent/conf folder:
...omitted...

- idp/cacert.pem: This is the matching certificate (including a public key) for the private key of the IdP. It is used to verify XML Signatures in SAML 2.0 messages received from the IdP. The file is expected to have a X509 structure and be in PEM (ascii) format.

So I suppose that the Higgins SP can trust just one IdP, and the discovery service protocol is not supported, am I right?

And the IdP:

rp/*.pem: Every file ending in ".pem" in the rp/ subdirectory is considered to be a matching certificate (including a public key) for the private key of an RP, from which requests should be accepted. It is used to verify XML Signatures in SAML 2.0 messages received from RPs. The file is expected to have a X509 structure and be in PEM (ascii) format.

But where can I put the endpoints of all the services? Or is it supposed to interoperate just with the Higgins RP?

Practically, my question is: can I interoperate the Higgins IdP and SP with a federation metadata like this:

https://www.idem.garr.it/docs/conf/idem-test-metadata.xml

?

Best regards,
Stefano.

Hi all,

I'm sorry: I don't know if I can ask things like this on this mailing list, but I didn't find any higgins-users ML.

First of all, congratulations: I discovered this awesome project today! I come from Shibboleth, simpleSAMLphp, and OpenSSO (but now I'm implementing a new SSO federation, so I just looked around for news).

I like very much the innovative idea behind Higgins, so I want to try it, but I have to be careful because in the future my new SSO federation will need to interoperate with a bigger one that's strongly based on Shibboleth (IDEM, the Italian educational federation), so before starting I have two questions, one concerning the IdP and one for the Java RP:

1) Can the SAML2 IdP fully interoperate with Shibboleth and SimpleSAMLphp SP? (We call SP, Service Provider, what you call RP.)
Does it support federation metadata in XML format?
Does it support attribute query profile?
Single Logout Request?
Attribute Aggregation (can it be an AttributeAuthority?) etc.?

Or simply please tell me any known lack in the SAML IdP implementation...

2) Does the Java RP include an interoperable SAML implementation? (I can't understand this from the official website.)

Best regards,
Stefano.

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
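
Added example, not part of the original thread or of the Higgins code: one way to turn a federation metadata document into the per-RP PEM certificates that the quoted `rp/*.pem` description expects. The metadata sample, the placeholder certificate body and the output file names are constructed assumptions, and the metadata is assumed to have had its own signature verified before this runs.

```python
import base64
import re
import textwrap
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
FAKE_CERT = "QUFB" * 20  # constructed placeholder base64, not a real certificate

def rp_pem_files(metadata_xml):
    """Map (hypothetical) rp/ file names to PEM text, one per SP signing cert."""
    out = {}
    root = ET.fromstring(metadata_xml)
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        sp = entity.find("md:SPSSODescriptor", NS)
        if sp is None:  # IdP-only entity: nothing belongs in rp/
            continue
        # entityID comes from the metadata; keep only filename-safe characters
        safe = re.sub(r"[^A-Za-z0-9.-]+", "_", entity.get("entityID", "")).strip("_")
        n = 0
        for kd in sp.findall("md:KeyDescriptor", NS):
            # a KeyDescriptor without "use" applies to signing and encryption
            if kd.get("use") not in (None, "signing"):
                continue
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                b64 = "".join((cert.text or "").split())
                base64.b64decode(b64, validate=True)  # raises on non-base64 text
                body = "\n".join(textwrap.wrap(b64, 64))
                out[f"{safe}-{n}.pem"] = (
                    "-----BEGIN CERTIFICATE-----\n" + body +
                    "\n-----END CERTIFICATE-----\n")
                n += 1
    return out

def _kd(use):
    """Build one constructed KeyDescriptor element for the sample below."""
    attr = f' use="{use}"' if use else ""
    return (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            f"{FAKE_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed sample: one SP (signing, encryption and unlabelled keys) and one IdP
SAMPLE = (
    f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{NS["ds"]}">'
    '<md:EntityDescriptor entityID="https://sp.example.org/shibboleth"><md:SPSSODescriptor>'
    f'{_kd("signing")}{_kd("encryption")}{_kd(None)}</md:SPSSODescriptor></md:EntityDescriptor>'
    '<md:EntityDescriptor entityID="https://idp.example.org/idp"><md:IDPSSODescriptor>'
    f'{_kd("signing")}</md:IDPSSODescriptor></md:EntityDescriptor></md:EntitiesDescriptor>')
```

The extraction covers certificates only; service endpoints listed in the metadata are not handled here.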