The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

SP Infocard Discussion

Owned by Former user (Deleted)
Last updated: Jun 09, 2009Version comment
1 min read

Infocard issues and choices at the SP

Session initiation

Infocard login is initiated by a form posting. The form lists all the requested attributes, required and optional.

We define a template files containing such form and define a session initiator to go with each file. Thus the specific sets of attributes are predefined and each is selected by the corresponding session initiator's id.

Known IdP

A response from an IdP contains the KeyInfo identity of the IdP. We use this to locate the IdP's metadata and pass the entity ID in the environment variable Shib_Identity_Provider.  Other attribute processing is similar to a normal SAML2 IP response.

Self-issued cards

A response from an IS personal card contains the a unique public key modulus and exponent. A hash of this information is passed in the environment variable Shib_Infocard_Key. Other card claims are passed similar to a normal SAML2 IP response.