Have an SVN Application on Apache, presently using LDAP in httpd.conf, how to make it integrated with SAML


Anil Kumar

Feb 26, 2016, 6:08:52 PM
to SimpleSAMLphp
Can someone provide documentation or steps on doing the things below:

Have an SVN application running on top of Apache. Presently using LDAP in httpd.conf for authentication into the svn url. The svn url is used by users to place files, etc.

How can we install and set up simpleSAMLphp on this SVN server, and what changes need to be made to httpd.conf to use SAML?

Have Okta for SAML.

Some useful resources will be very helpful.

Thank you,

Anil.

Jason Haar

Feb 26, 2016, 10:30:53 PM
to simple...@googlegroups.com
mod_mellon would be the closest plug-in replacement Apache module that would enable SAML authentication. However, be aware that SAML is a "web only" authentication system - so it might be inappropriate for you to use it for this application, as it's an SVN service. I.e., there are more client software components besides web browsers, so how will they do the SAML bit?

You really need to look at the entire application experience before you decide that SAML is appropriate.

Jason

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Anil Kumar

Feb 26, 2016, 10:57:32 PM
to simple...@googlegroups.com
Thank you very much for the information.

Will there be a way to have both, i.e. web authentication for SVN via SAML (like mod_mellon for Apache) and additional LDAP authentication for users accessing SVN via non-web clients like an SVN desktop application?

Thank you,

Anil.



Peter Schober

Feb 27, 2016, 8:44:31 AM
to simple...@googlegroups.com
* Jason Haar <jason...@trimble.com> [2016-02-27 04:30]:
> mod_mellon would be the closest plug-in replacement Apache module
> that would enable SAML authentication.

Right, it even supports ECP (as does the Shibboleth SP).

> However, be aware that SAML is a "web only" authentication system -

It's not. The "Web Browser SSO Profile" is meant to be used with
ordinary web browsers, right. There's also a profile for protecting
http-based resources that are /not/ meant to be accessed with a web
browser, called "Enhanced Client or Proxy Profile" (ECP).
In this case that's moot, though, unless someone added ECP support to
whatever SVN clients the OP intends on supporting.

> so it might be inappropriate for you to use it for this application,
> as it's a SVN service. ie there are more client software components
> besides web browsers, so how will they do the SAML bit?

Right. Use SAML for protecting the web view of your SVN repo (there's
plenty of software available to do that, e.g. Trac also adds lots of
useful features), and use something else for SVN clients.

Personally I'd use the SAML web front end to collect (and authorize)
SSH public keys from the people needing to access your server, and let
their SVN clients use the svn+ssh: schema to access the SVN server
(i.e., SVN clients use SSH to access your repositories, only web view
uses HTTPS and SAML).
-peter
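
The split suggested in the message above (SAML protects a web front end that collects SSH public keys, SVN clients connect over svn+ssh), sketched as an added example that is not part of the original thread or of any project named in it. It validates a submitted key and pins it to svnserve tunnel mode in `authorized_keys`; the repository root, the username pattern, the allowed key types and the idea that the username comes from the SAML assertion are assumptions.

```python
import base64
import re
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # local policy (assumption)
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")  # strict account-name shape (assumption)
REPO_ROOT = "/srv/svn"  # hypothetical repository root
# No shell, no forwarding: the key can only ever run the forced command.
RESTRICT = "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"


def parse_public_key(line):
    """Return (key_type, base64_blob); raise ValueError for a malformed key."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        raise ValueError("key type not allowed")
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    # The blob begins with a length-prefixed copy of the type name; it must
    # agree with the textual type or the line is mangled or mislabelled.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("type inside key blob does not match declared type")
    return key_type, blob_b64


def authorized_keys_entry(saml_username, submitted_key):
    """Build one authorized_keys line pinning the key to svnserve tunnel mode."""
    if not USERNAME_RE.fullmatch(saml_username):
        raise ValueError("unsafe username")
    key_type, blob_b64 = parse_public_key(submitted_key)
    command = "svnserve -t -r %s --tunnel-user=%s" % (REPO_ROOT, saml_username)
    # The submitter's comment field is discarded; options and command are ours.
    return 'command="%s",%s %s %s %s' % (
        command, RESTRICT, key_type, blob_b64, saml_username)


if __name__ == "__main__":
    # Constructed sample key: a well-formed ed25519 blob with dummy key bytes.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    sample = "ssh-ed25519 %s alice@laptop" % base64.b64encode(blob).decode()
    print(authorized_keys_entry("alice", sample))
```

Because the forced command sets `--tunnel-user`, commits are attributed to the SAML-authenticated name even when every key lives under one shared system account.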

Peter Schober

Feb 27, 2016, 8:45:10 AM
to simple...@googlegroups.com
* Anil Kumar <panilk...@gmail.com> [2016-02-27 04:57]:
> Will there be a way to have both i.e. web authentication for SVN via
> SAML (like mod_mellon for apache) and additional ldap authentication
> for users access SVN via non-web like SVN desktop application.

Sure. There is just no relation to SimpleSAMLphp (i.e., this list /
project) whatsoever.
-peter

Anil Kumar

Feb 27, 2016, 5:08:26 PM
to simple...@googlegroups.com
Thank you very much!

Anil.
