So my first question would be, has anyone out there successfully used
Shibboleth to authenticate Panopto? The google searches and reading
I've done seem thin... If someone has pulled it off, they don't seem
to be talking about it. I would welcome any tips, examples, insight
and warnings you might have.
I have been experimenting and playing with it, based on their ADFS
config (http://support.panopto.com/focus-4-articles/24-activedirectory/399-hosted-panopto-federated-authentication)
and have stored their metadata, configured basic filters etc, but
there is one AD attribute they want that seems problematic. The AD
attribute "tokenGroups". I am unable to pull this attribute
successfully with any tool, even powershell with the ActiveDirectory
module, to examine it.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680275%28v=vs.85%29.aspx
From what I've uncovered so far this attribute seems to be some kind
of conglomerate value that has to then be broken down into SID's and
enumerated. Even if I can get my hands on that attribute, I'm not
sure how I would pull off the enumeration of it in Shibboleth. I'm
hoping someone out there has cracked this nut before and can show me
how. Any ideas?
Chuck
Utah State University
--
To unsubscribe from this list send an email to users-un...@shibboleth.net
There is a Microsoft KB article that sort of describes this that might help you: http://support.microsoft.com/kb/301916
And this one is more programmatic that describes how the data structure is constructed: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379624(v=vs.85).aspx
Adam Schumacher
Information Security Engineer
Creighton University