Bugzilla – Bug 6504
Support for SAML V2.0 Metadata
Last modified: 2008-11-03 09:26:54
GridShib for GT v0.5.x supported SAML V2.0 Metadata (for the purposes of
attribute query) but SAML V2.0 Metadata is not currently supported in GridShib
for GT v0.6.x (which doesn't support attribute query). Toolkit-level support
for SAML V2.0 Metadata currently exists in globus-opensaml-1.1.jar. Note that
support for SAML V2.0 Metadata does not require support for SAML V2.0 overall.
Add support for SAML V2.0 Metadata to GridShib for GT, and use the Metadata to
facilitate trust in attribute push. This precludes the use of 1) the trusted
DNs metadata file (Bug 6427), and 2) the trusted scopes metadata file (Bug
6477), both of which are implemented as flat files. With SAML V2.0, trusted
DNs and trusted scopes are bound to XML:
As seen in the above example, a nice by-product of SAML V2.0 Metadata is the
exposure of contact information required for the Science Gateway use case.
While refactoring the EntityMap interface (Bug 6501), it became clear that that
interface is not able to accommodate SAML metadata. For one thing, SAML
entities are mapped to roles in metadata, not to security bits such as DNs or
certificates. The latter are role-specific.
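
The role-specific binding described in the comment above, as an added example that is not part of the bug report or GridShib's own code: it parses a constructed SAML V2.0 metadata document and answers trust questions per entity and per role. It assumes that DNs are carried in `ds:KeyName` and scopes in a `shibmd:Scope` extension, that the metadata's signature was already verified, and all entity IDs, DNs, addresses and function names are made up for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "shibmd": "urn:mace:shibboleth:metadata:1.0"}
PROTO = "urn:oasis:names:tc:SAML:1.1:protocol"

# Constructed sample metadata; KeyName-as-DN and all values are assumptions.
SAMPLE = f"""<md:EntityDescriptor entityID="https://gateway.example.org/idp"
  xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" xmlns:shibmd="{NS['shibmd']}">
 <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
  <md:Extensions><shibmd:Scope regexp="false">example.org</shibmd:Scope></md:Extensions>
  <md:KeyDescriptor use="signing"><ds:KeyInfo>
   <ds:KeyName>CN=gateway-sso,O=Example,C=US</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
 <md:AttributeAuthorityDescriptor protocolSupportEnumeration="{PROTO}">
  <md:KeyDescriptor use="signing"><ds:KeyInfo>
   <ds:KeyName>CN=gateway-aa,O=Example,C=US</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
 </md:AttributeAuthorityDescriptor>
 <md:ContactPerson contactType="technical">
  <md:EmailAddress>mailto:ops@example.org</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""

ROLES = ("IDPSSODescriptor", "AttributeAuthorityDescriptor")

def load_trust(xml_text):
    """Map entityID -> {"roles": {role: {"dns", "scopes"}}, "contacts": [...]}."""
    root = ET.fromstring(xml_text)
    trust = {}
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):  # root itself or children
        roles = {}
        for role in ROLES:
            for desc in ent.findall("md:" + role, NS):
                entry = roles.setdefault(role, {"dns": set(), "scopes": set()})
                for k in desc.findall("md:KeyDescriptor/ds:KeyInfo/ds:KeyName", NS):
                    entry["dns"].add(k.text.strip())
                for s in desc.findall("md:Extensions/shibmd:Scope", NS):
                    entry["scopes"].add(s.text.strip())
        contacts = [e.text.strip() for e in ent.findall("md:ContactPerson/md:EmailAddress", NS)]
        trust[ent.get("entityID")] = {"roles": roles, "contacts": contacts}
    return trust

def is_trusted(trust, entity_id, role, signer_dn, scope=None):
    """True only if the DN (and scope, if given) is bound to this entity in this role."""
    entry = trust.get(entity_id, {}).get("roles", {}).get(role)
    if entry is None or signer_dn not in entry["dns"]:
        return False
    return scope is None or scope in entry["scopes"]
```

DNs are compared here as exact strings, so a real deployment would need to normalize them before matching.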