Hello Everyone,
I am looking at Shibboleth. I have seen one example
(http://www.switch.ch/aai/support/presentations/opcom-201105/AAI-OpCom-AAI_for_mandatory_authentication_and_proxy_usage.pdf)
for using it with Squid. I am afraid it makes no sense to me.
I am afraid I do not know much about Shibboleth yet. It has three
components for authentication, user, password, domain. It has to use
redirects, etc.
I see an easy way for this to work, but need help figuring it out.
If a user isn't authenticated, I need to send them to a url.
How do I know if a user is authenticated? Well, it seems that this is
going to have to be passing the requesting client's ip address to a
program and get the response back if they are authenticated or not. It
would be nice if I could pass a user name, but I am not sure how to do
this as this would require interaction with the browser and this should
be SSO.
So, is it possible to do an auth_param to a special program that just
looks at the ip address? Have it return yes/no for if it is an
authenticated session?
If no, then do a url_rewrite_access (I am assuming this is correct)?
Finally, is it possible to have multiple authentication algorithms? Some
of the users will be local and be able to do krb5/spnego. So, if at all
possible, I would like to have the option of trying krb5, then spnego,
then Shibboleth.
Thank you for any help,
Trever
This archive was generated by hypermail 2.2.0 : Wed Dec 12 2012 - 12:00:04 MST