shibboleth

How can I generate a valid SP XML file for SAML2?

早过忘川 submitted on 2019-12-11 05:39:52
Question: I don't know how to implement the SAML2 protocol for my custom SP service, and I have some difficulties... I have tried this:
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.mydomain.ext/#/secure">
  <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.mydomain.ext/#/"

Shibboleth custom redirect after success login

本小妞迷上赌 submitted on 2019-12-11 02:48:46
Question: I need to perform actions after Shibboleth login and before redirect to SP url. For me, the best solution would be "Shib page login" -> login ok -> redirect to my custom page -> redirect to sp url. How can I do that, if it's possible?
Answer 1: It's possible, you need to create a custom HTTP filter as an extension of Shibboleth, make it available on the classpath of the Shibboleth IDP application and register it in the descriptor of the Shibboleth IDP web application (web.xml). There's Shibboleth extension

Retrieving Shibboleth attributes from AJP connector request

蓝咒 submitted on 2019-12-11 02:17:47
Question: I have encountered a weird problem when working with Shibboleth authentication running on Apache and when Tomcat7 running on the back end, Apache sends everything through mod_proxy_ajp. And so it does with parameters from Shibboleth. In the documentation it is explicitly stated that AJP sends only attributes with prefix attributePrefix="AJP_" and that a developer should not take shortcuts and enable sending auth attributes through HTTP headers: https://wiki.shibboleth.net/confluence/display

Good documentation about Shibboleth and SAML?

孤人 submitted on 2019-12-10 19:54:56
Question: Where can I find useful documentation about using Shibboleth and SAML for SSO besides the Shibboleth Wiki pages, preferably for Ruby applications? Ruby-specific documentation for Shibboleth seems to be very sparse. Does anyone know good resources, tutorials or HowTos?
Answer 1: Unfortunately, the only useful documentation I found is the official documentation from the creators of Shibboleth and SAML themselves. This seems to be a good technical overview about SAML 2 in general from the standards

SSO implementation using Shibboleth with Google App Engine Java

扶醉桌前 submitted on 2019-12-10 10:43:16
Question: I am developing an application on Google App Engine in Java. In this application I have to implement SSO using SAML2. My Google App Engine application will act as service provider and the identity provider will be a separate server. I just have to write the SP side of SSO. I am new to SAML, did a lot of googling on SAML, and came to the basic flow of user authentication in SSO. I found the opensaml library that can be used to handle SAML messages between IdP and SP. I also found Shibboleth which is the

What is the purpose of SAML 2 Subject Name Identifier?

╄→гoц情女王★ submitted on 2019-12-10 02:33:39
Question: When doing authn against a SAML 2 IdP, what is the Subject Name Identifier supposed to be for? Does it track each user login? I'm wondering if my SAML 2 service provider application should track these for different users. Since they are transient, they can be different for different logins (so I would need to track using a collection hanging off the user account).
Answer 1: The <NameIdentifier> element is a SAML 1.1 concept. It has been superseded by the <NameID> element which identifies the

Configure Shibboleth native Service Provider and Apache

穿精又带淫゛_ submitted on 2019-12-08 11:31:29
Question: I have a simple web application. I want to set Shibboleth native SP in front of my web app so that it issues/asserts SAML related things and forwards request to my web app. Is there a complete tutorial how to achieve that?
Answer 1: Use testshib to test your app, it gives too much ease. Follow the steps:
1. Download and install the SP on your machine.
2. Include Shibboleth's configuration into your Apache.
2.1. Into the httpd.conf file add include "PATH/opt/path/etc/apache22" (if version is apache2.2, otherwise

How to resolve org.springframework.web.util.NestedServletException: Request processing failed; with SAML

自古美人都是妖i submitted on 2019-12-08 11:14:33
Question: I am developing an application which is authenticating via an IDP which is an ADFS server. So it has some functionality to import IDP metadata from the program level by accessing the metadata URL (given below) and update according to the service provider side. I am experiencing a request processing exception when trying to process SAML metadata from the ADFS server URL. Some solutions that I found say it is a problem in wildfly8, and fine with Wildfly 7+ and JBoss 7+, but still I am having the same

How does Single-logout work with OKTA(IDP)-Shibboleth(SP)-App

て烟熏妆下的殇ゞ submitted on 2019-12-08 10:48:53
Question: OKTA-Shibboleth(Apache)-Nakisa(Tomcat) SSO is working for logging-in. Now, I need to configure Logout. So, user logs out from the app, user needs to be redirected to OKTA page with tiles. But, currently, user is redirected to the app again. It's sending user to /logout?redirect=default.html but that default.html is captured by Apache rule and logging user back in. It looks like it needs to hit https://xxxx/Shibboleth.sso/Logout. When I access this url, it says logout is successfully done

MembershipProvider in .NET for CAS Shibboleth

白昼怎懂夜的黑 submitted on 2019-12-08 10:08:53
Question: Is it possible to write a MembershipProvider in .NET for CAS Shibboleth?
Answer 1: You usually use a custom MembershipProvider when you want to change the data source (e.g. from SQL to XML). By implementing a MembershipProvider you can override the ProviderBase methods and change, for instance, where the Membership will verify if a user exists or where it stores it. So the answer is yes you can, there are a few drawbacks though. Membership in Asp.Net is usually part of the application and should run in