Shibboleth.SSO vs SAML2.SSO in Relying-Party.xml

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Shibboleth.SSO vs SAML2.SSO in Relying-Party.xml

Y Levine
I have had a mental meltdown trying to maintain my understanding on SAML while our main people are away.

Can anyone explain in layperson words what are the difference between the following 2 beans in Relying-Party.xml (Shibboleth v3)?

<bean parent="Shibboleth.SSO"
 <bean   parent="SAML2.SSO

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth.SSO vs SAML2.SSO in Relying-Party.xml

Nate Klingenstein-2
It's historical.  Shibboleth.SSO refers to the original Shibboleth protocol, which had to be defined because SAML 1.1 didn't include any form of AuthnRequest. SAML 2.0 is SAML 2.0, when the specification was sufficient for the features that Shibboleth wanted to render.

I dunno how to put that explanation into that context or make the configuration file any more clear since it's designed to be terse...

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth.SSO vs SAML2.SSO in Relying-Party.xml

Peter Schober
In reply to this post by Y Levine
* Y Levine <[hidden email]> [2018-05-09 01:17]:
> Can anyone explain in layperson words what are the difference between the
> following 2 beans in Relying-Party.xml (Shibboleth v3)?
>
> <bean parent="Shibboleth.SSO"
>  <bean   parent="SAML2.SSO

The former is SAML1 web browser SSO, the latter SAML2.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]