Yes, John's right about all that. The Higgins SAML2 IdP (in its default configuration) was made specifically to act as an IdP for Google Apps. It does support Single Logout, but I don't think it supports any of the other features you asked for.
By default, the Higgins SAML2 IdP uses its own internal special-purpose STS. It can also be configured to use the "full-featured" Higgins STS instead, which may come closer to your needs. This however would probably need some help from Mike to set up.

Markus

On Thu, Aug 12, 2010 at 6:20 AM, John Bradley <[email protected]> wrote:

> As I recall the SAML implementation in Higgins was targeted to work with Google.
>
> It would need significant work to come up to SimpleSAMLphp, or Shibboleth 2.
>
> Shib 2 has some information card and openID support but is looking for people to maintain that.
>
> Especially if you require Kerberos Shib 2 is probably your best bet.
>
> John B.
>
> On 2010-08-12, at 3:54 AM, Stefano Gargiulo wrote:
>
> - does it support SAML federation metadata in xml?
>
> I just read this:
>
> Configure the SAML2 RP
>
> The saml2idp.test web application project contains the following files in the WebContent/conf folder:
> ...omississ...
>
> - *idp/cacert.pem*: This is the matching certificate (including a public key) for the private key of the IdP. It is used to verify XML Signatures in SAML 2.0 messages received from the IdP. The file is expected to have a X509 structure and be in PEM (ascii) format.
>
> So I suppose that the Higgins SP can trust just one IdP, and the discovery service protocol is not supported, am I right?
>
> And the IdP:
>
> rp/*.pem: Every file ending in ".pem" in the rp/ subdirectory is considered to be a matching certificate (including a public key) for the private key of an RP, from which requests should be accepted. It is used to verify XML Signatures in SAML 2.0 messages received from RPs. The file is expected to have a X509 structure and be in PEM (ascii) format.
>
> But where can I put the endpoints of all the services? Or is it supposed to interoperate just with the Higgins RP?
>
> Practically my question is: can I interoperate the Higgins IdP and SP with a federation metadata like this:
>
> https://www.idem.garr.it/docs/conf/idem-test-metadata.xml
>
> ?
>
> Best regards,
> Stefano.
>
> Hi all,
>
> I'm sorry: I don't know if I can ask things like this in this mailing list but I didn't find any higgins-users ML.
>
> First of all congratulations: I discovered this awesome project today! I come from Shibboleth, simpleSAMLphp, and OpenSSO (but now I'm implementing a new SSO federation, so I just looked around for news)
>
> I like very much the innovative idea behind Higgins, so I want to try it, but I have to be careful because in the future my new SSO federation will need to interoperate with a bigger one that's strongly based on Shibboleth (IDEM, the Italian educational federation) so before starting I've two questions, one concerning the IdP and one for the Java RP:
>
> 1) Can the SAML2 IdP fully interoperate with Shibboleth and SimpleSAMLphp SP? (we call SP, Service Provider, what you call RP)?
> Does it support federation metadata in xml format?
> Does it support attribute query profile?
> Single Logout Request?
> Attribute Aggregation (can it be an AttributeAuthority?) etc?
>
> Or simply please tell me any known lack in the SAML IdP implementation...
>
> 2) Does the Java RP include an interoperable SAML implementation? (I can't understand this on the official website)
>
> Best regards,
> Stefano.
_______________________________________________
higgins-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/higgins-dev
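The thread contrasts per-file certificate trust (`idp/cacert.pem`, `rp/*.pem`) with SAML federation metadata. The following Python is an added example, not part of the thread and not Higgins code: it extracts from a metadata document the two things the question turns on, each SP's signing certificate in PEM form and its endpoints. Assumptions: the sample entity IDs, URLs and certificate bytes are constructed placeholders, and the metadata's own XML signature has already been verified before anything extracted from it is trusted.

```python
import textwrap
import xml.etree.ElementTree as ET  # use defusedxml for metadata from untrusted sources

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: entity IDs, URLs and certificate bytes are placeholders.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
 <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
     Q09OU1RSVUNURUQtU0lHTklORy1DRVJU
   </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
     Q09OU1RSVUNURUQtRU5DUllQVC1DRVJU
   </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:AssertionConsumerService index="0" Location="https://sp1.example.org/acs"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def to_pem(b64_text):
    """Wrap the base64 body of ds:X509Certificate in PEM armor, 64 chars per line."""
    body = "".join(b64_text.split())
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(body, 64))
            + "\n-----END CERTIFICATE-----\n")


def sp_trust_entries(metadata_xml):
    """Return, per SP entity, its signing certificates (PEM) and ACS endpoints."""
    entries = []
    for ent in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        sp = ent.find("md:SPSSODescriptor", NS)
        if sp is None:  # IdP-only entities are not relying parties
            continue
        certs = [to_pem(c.text)
                 for kd in sp.findall("md:KeyDescriptor", NS)
                 if kd.get("use", "signing") == "signing"  # no "use" means both uses
                 for c in kd.iterfind(".//ds:X509Certificate", NS)]
        acs = [(a.get("Binding"), a.get("Location"))
               for a in sp.findall("md:AssertionConsumerService", NS)]
        entries.append({"entity_id": ent.get("entityID"), "signing_pem": certs, "acs": acs})
    return entries
```

The per-SP PEM strings are what a directory-of-certificates trust model can hold; the entity ID and endpoint list are the parts of the metadata that such a directory has no place for.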
