On 29-04-16 08:46, paolo.cecchini via SimpleSAMLphp wrote:
> We do have quite a complex scenario down here where SAML is used for
> Edugain stuff and also as SSO for local applications. We *need* to
> authenticate against a remote Oracle database, better if via Radius. We
> need to look up (additional) attributes from LDAP(s), too. I can't
> afford to put attributes on a Radius Dictionary.
>
> We're on Shibboleth. We invoke Radius via JRadius. It's working but I'll
> be more than happy to get rid of Tomcat(8), and *really* happy when I
> can get rid of Java from scratch.
>
> I'm evaluating SimpleSAMLphp but looks like I'm missing some core
> feature. Or at least I'm not able to find out about.

I think simpleSAML can do what you want, I believe it's what we do as
well in our IdP (as a fallback scenario). We use the radius module to
authenticate the user against Radius, and then use the
AttributeAddFromLDAP authproc filter to retrieve additional attributes
from LDAP for that user.

The following documentation should describe how to use it:
https://simplesamlphp.org/docs/stable/radius:radius
https://simplesamlphp.org/docs/stable/ldap:ldap

Let us know if you have additional questions.

Cheers,
Thijs
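
The setup described in the reply above, sketched as an added SimpleSAMLphp configuration example (not part of the original message and not the project's own code). Host names, secrets, the bind DN, file names and attribute names are placeholders, and the option names follow the linked radius and ldap module documentation of that era, so check them against the installed version.

```php
<?php
// config/authsources.php: password check goes to RADIUS only.
$config = array(
    'example-radius' => array(
        'radius:Radius',
        'hostname' => 'radius.example.org',          // placeholder host
        'secret'   => 'REPLACE_WITH_SHARED_SECRET',  // placeholder; keep this file
                                                     // readable by the web server user only
        // Expose the login name as an attribute so the LDAP filter below
        // has something to search on. No RADIUS dictionary attributes needed.
        'username_attribute' => 'uid',
    ),
);

// metadata/saml20-idp-hosted.php: use that source, then enrich from LDAP.
$metadata['__DYNAMIC:1__'] = array(
    'host'        => '__DEFAULT__',
    'privatekey'  => 'server.pem',   // placeholder file names
    'certificate' => 'server.crt',
    'auth'        => 'example-radius',
    'authproc' => array(
        50 => array(
            'class' => 'ldap:AttributeAddFromLDAP',
            // ldaps:// so the bind password and attributes are not sent in clear.
            'ldap.hostname' => 'ldaps://ldap.example.org',
            // Dedicated read-only service account (placeholder DN).
            'ldap.username' => 'cn=ssp-reader,ou=services,dc=example,dc=org',
            'ldap.password' => 'REPLACE_WITH_BIND_PASSWORD',
            'ldap.basedn'   => 'ou=people,dc=example,dc=org',
            // %uid% is replaced with the uid attribute set by the RADIUS source.
            'search.filter' => '(uid=%uid%)',
            // Only the attributes listed here are copied into the assertion.
            'attributes' => array('mail', 'eduPersonAffiliation'),
        ),
    ),
);
```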