pwm working with Shibboleth IDP


Jon K

Nov 2, 2011, 1:17:43 PM11/2/11
to pwm-general
I am trying to figure out a way to have my Shibboleth IDP use pwm as
the authn provider. Anybody do this? I saw that I could use CAS but
that seems silly to add more stuff into this.

Jason Rivard

Nov 2, 2011, 1:41:31 PM11/2/11
to pwm-g...@googlegroups.com
I don't see PWM ever becoming an IDP (saml authn provider).  Perhaps a service provider some day, but it's not intended as an authentication mechanism.


--
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To post to this group, send email to pwm-g...@googlegroups.com.
To unsubscribe from this group, send email to pwm-general...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/pwm-general?hl=en.


Jason Rivard

Nov 2, 2011, 1:42:36 PM11/2/11
to pwm-g...@googlegroups.com
I should add that patches are always welcome, and if someone writes a good patch I'll add it to pwm regardless of my opinion of its usefulness, unless it breaks something else.

Jon K

Nov 2, 2011, 1:59:23 PM11/2/11
to pwm-general
I don't want pwm to be an IDP; I want pwm to be the authentication for our
IDP. Right now our Shib IDP is hooked to an LDAP for authentication.
I would rather have pwm do the authentication and pass the username to
our IDP to add all the SAML gunk on it.

Maybe I am going the wrong direction, there is an externalauthn in
Shib now that I need to look at closer.

Jon K

Nov 2, 2011, 2:38:50 PM11/2/11
to pwm-general
I want to use this in my IDP

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthExternal

And have pwm handle the authentication

Jason Rivard

Nov 2, 2011, 3:34:37 PM11/2/11
to pwm-g...@googlegroups.com
Interesting, I'm not sure I understand the distinction, but I'll take your word for it.

I'm not sure what value add this would have though.  PWM's ldap authentication module is pretty straightforward and standard.  What does PWM do that Shibboleth's LDAP provider doesn't?  (Not having ever seen Shibboleth, I really don't know).

I can only guess you're thinking of some of the password expiration handling processes?  In which case you might find creative ways to use the CommandServlet URLs in the docs after an authentication has been performed:

Menno Pieters

Nov 2, 2011, 4:05:08 PM11/2/11
to pwm-g...@googlegroups.com
On Wed, Nov 2, 2011 at 7:38 PM, Jon K <jko...@gmail.com> wrote:
I want to use this in my IDP

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthExternal

And have pwm handle the authentication

Why not use LDAP? PWM uses LDAP as the authentication source, too.

If you're looking for a "translation" of LDAP to HTTP(S), you could simply set up Apache and protect a specified page with mod_auth_ldap. If the HTTP response code is anything other than 200, the login failed.

- Menno
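The "LDAP translated to HTTP(S)" check Menno describes, written out as an added example (it is not code from the thread, from pwm or from Shibboleth): the caller sends the user's credentials with HTTP Basic auth to a page that Apache protects with LDAP, and treats only a 200 response as a successful login. The protected page here is a constructed stand-in with a hard-coded user table, not a real mod_auth_ldap bind; the URL path `/auth-check`, the user `jdoe` and the password are made up.

```python
import base64
import http.server
import threading
import urllib.error
import urllib.request


def check_credentials(url: str, username: str, password: str, timeout: float = 5.0) -> bool:
    """Return True only if the LDAP-protected page answers 200 for these credentials.
    A 401/403, any 5xx, a connection error or a timeout all count as a failed login,
    so the caller can never fall through to 'authenticated' by accident.
    Use an https:// URL in practice: Basic auth sends the password in clear text."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except (urllib.error.URLError, OSError):  # HTTPError (401, 5xx ...) is a URLError too
        return False


# Constructed stand-in for "Apache + mod_auth_ldap in front of one page" (assumption:
# a real deployment would bind to LDAP here; this only checks a fixed table).
_FAKE_DIRECTORY = {"jdoe": "correct horse battery staple"}


class _ProtectedPage(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        header = self.headers.get("Authorization", "")
        ok = False
        if header.startswith("Basic "):
            try:
                user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
                ok = _FAKE_DIRECTORY.get(user) == pw
            except (ValueError, UnicodeDecodeError):  # malformed header: treat as no credentials
                ok = False
        if ok:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"ok")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="ldap"')
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet; never log the Authorization header
        pass


def start_fake_server():
    """Start the stand-in on a free loopback port; returns (server, url of the protected page)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _ProtectedPage)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/auth-check"


if __name__ == "__main__":
    server, page = start_fake_server()
    print("good password:", check_credentials(page, "jdoe", "correct horse battery staple"))
    print("bad password: ", check_credentials(page, "jdoe", "wrong"))
    server.shutdown()
```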