[Shib-Users] Fwd: Shibboleth2 and web application JAAS?

51 views
Skip to first unread message

Keith Hazelton

unread,
Jan 20, 2011, 4:07:01 PM1/20/11
to Shibboleth Users
Advice for our colleague here at Madison?   --Keith

Begin forwarded message:

From: Scott Prater <pra...@wisc.edu>
Date: January 20, 2011 11:49:55 CST
To: SCOTT J BUCKINGHAM <sjbuck...@doit.wisc.edu>, KEITH D HAZELTON <haze...@wisc.edu>, Bradley Schwoerer <schw...@doit.wisc.edu>
Subject: Shibboleth2 and web application JAAS?

Do any of you have any experience, or know of anyone in DoIT, who has worked with JAAS in a web application that is fronted by Shibboleth2 authnz?

I'm playing with our Fedora repository, and it has a new, semi-experimental JAAS module that can be configured to handle authnz for access to repository objects.  The only references I'm finding to integrating Shibboleth and JAAS from a consuming application's POV, though, are to the SPIEE project, last updated in 2006, using Tomcat 5.5 and Shibboleth 1.3.  I'm thinking there has to be more recent work done.

Thanks in advance,

-- Scott
--
Scott Prater
Library, Instructional, and Research Applications (LIRA)
Division of Information Technology (DoIT)
University of Wisconsin - Madison
pra...@wisc.edu

Steven Carmody

unread,
Jan 20, 2011, 4:43:19 PM1/20/11
to shibbole...@internet2.edu, Michael Park
Here at Brown, we are using Shib + Fedora, but are NOT using JAAS to
make that connection.

> We're not using any JAAS - straight shib and fedora. This link
> should explain it all. But I'm more than happy to answer any other
> questions.
>https://wiki.brown.edu/confluence/display/bipg/shibboleth+fedora+authentication
>
> -Mike

Michael Park (CC'ed on this msg) did the work and is willing to answer
questions.

On 1/20/11 4:07 PM, Keith Hazelton wrote:
> Advice for our colleague here at Madison? --Keith
>
> Begin forwarded message:
>

>> *From: *Scott Prater <pra...@wisc.edu <mailto:pra...@wisc.edu>>
>> *Date: *January 20, 2011 11:49:55 CST
>> *To: *SCOTT J BUCKINGHAM <sjbuck...@doit.wisc.edu
>> <mailto:sjbuck...@doit.wisc.edu>>, KEITH D HAZELTON
>> <haze...@wisc.edu <mailto:haze...@wisc.edu>>, Bradley Schwoerer
>> <schw...@doit.wisc.edu <mailto:schw...@doit.wisc.edu>>
>> *Subject: **Shibboleth2 and web application JAAS?*


>>
>> Do any of you have any experience, or know of anyone in DoIT, who has
>> worked with JAAS in a web application that is fronted by Shibboleth2
>> authnz?
>>
>> I'm playing with our Fedora repository, and it has a new,
>> semi-experimental JAAS module that can be configured to handle authnz
>> for access to repository objects. The only references I'm finding to
>> integrating Shibboleth and JAAS from a consuming application's POV,
>> though, are to the SPIEE project, last updated in 2006, using Tomcat
>> 5.5 and Shibboleth 1.3. I'm thinking there has to be more recent work
>> done.
>>
>> Thanks in advance,
>>
>> -- Scott
>> --
>> Scott Prater
>> Library, Instructional, and Research Applications (LIRA)
>> Division of Information Technology (DoIT)
>> University of Wisconsin - Madison

>> pra...@wisc.edu <mailto:pra...@wisc.edu>
>

Chad La Joie

unread,
Jan 20, 2011, 4:52:37 PM1/20/11
to shibbole...@internet2.edu
JAAS is a desktop authentication technology. There is no standard for
using it in webapps (nor does it work terribly well for it as we've
learned with the IdP). You'll have to get the documentation from the
Fedora folks to tell exactly what information they are looking for,
where it comes from, and what they can do with it.

My guess would be that they are either feeding the entire HTTP request
in to the JAAS context and JAAS plugins written for Fedora will need to
pull out data as necessary. Or they are expecting people to put up a
username/password form and put that information in to the JAAS context
so that standard JAAS plugins can verify them.

On 1/20/11 4:07 PM, Keith Hazelton wrote:

> Advice for our colleague here at Madison? --Keith
>
> Begin forwarded message:
>

>> *From: *Scott Prater <pra...@wisc.edu <mailto:pra...@wisc.edu>>
>> *Date: *January 20, 2011 11:49:55 CST
>> *To: *SCOTT J BUCKINGHAM <sjbuck...@doit.wisc.edu
>> <mailto:sjbuck...@doit.wisc.edu>>, KEITH D HAZELTON
>> <haze...@wisc.edu <mailto:haze...@wisc.edu>>, Bradley Schwoerer
>> <schw...@doit.wisc.edu <mailto:schw...@doit.wisc.edu>>
>> *Subject: **Shibboleth2 and web application JAAS?*
>>

>> Do any of you have any experience, or know of anyone in DoIT, who has
>> worked with JAAS in a web application that is fronted by Shibboleth2
>> authnz?
>>
>> I'm playing with our Fedora repository, and it has a new,
>> semi-experimental JAAS module that can be configured to handle authnz
>> for access to repository objects. The only references I'm finding to
>> integrating Shibboleth and JAAS from a consuming application's POV,
>> though, are to the SPIEE project, last updated in 2006, using Tomcat
>> 5.5 and Shibboleth 1.3. I'm thinking there has to be more recent work
>> done.
>>
>> Thanks in advance,
>>
>> -- Scott
>> --
>> Scott Prater
>> Library, Instructional, and Research Applications (LIRA)
>> Division of Information Technology (DoIT)
>> University of Wisconsin - Madison

>> pra...@wisc.edu <mailto:pra...@wisc.edu>
>

--
Chad La Joie
http://itumi.biz
trusted identities, delivered

Reply all
Reply to author
Forward
0 new messages