In theory it is possible for the mid-tier authentication. I have read up on it and looked into what it would take. I will say that it will require some programming on your part to make it happen.

- In Shibboleth, you will need an IdP and a realm for your mid-tier application
- On the web server in front of the mid-tier, you need something that is capable of issuing/handling a SAML assertion (an SP)
- You need to hand the SP provided information from the web server to the servlet container (object; method is implementation dependent)
- Within the mid-tier, you need to implement a custom authentication servlet to handle the assertion
- Within the ARServer, you need to implement an AREA plugin capable of taking the data from your custom authentication servlet and authenticating the user

I have intentionally left out the details of how to create a trusted handshake between the mid-tier and AREA plug-in. This is an area of much debate. Ideally you would re-validate the credentials passed to the AREA plugin within the AREA plugin. What is more common is a shared secret between the authentication servlet and the AREA plugin. I'm not a fan of the shared secret approach because once the cat's out of the bag (that being the shared secret), it's out, and people can blindly authenticate to your arserver.

This is all theory, not practice, so there may be some things that I've missed. Also, there may be other ways to approach this, for example, you may not have a web server in front of your servlet container, in which case the architecture, and subsequently, the implementation, changes.

Axton Grams

On Thu, Nov 3, 2011 at 9:38 AM, O'Hara, Brad <[email protected]> wrote:

> Hi,
>
> Has anyone been able to use Shibboleth for authentication?
>
> Thanks,
> Brad
>
> ----------------------------------------------------------------
> Brad O'Hara
> Manager: Network Support Services
> Computing and Networking Services
> University of Florida
> net-services.ufl.edu : Voice (352) 273-1347 : Fax (352) 273-0743
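
The re-validation option described in the reply above, as an added example that is not part of the original thread and uses no AREA plug-in API: the receiving side holds only the IdP's public key and checks signature, audience and expiry itself, so there is no shared secret to leak. The pipe-delimited token is a constructed stand-in for a signed SAML assertion, and the class, method names, user and audience values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;

public class AssertionRecheck {
    // Constructed token format: "user|audience|expiryEpochSeconds|base64(signature)".
    // IdP side (hypothetical): only the IdP ever holds the private key.
    static String issue(PrivateKey idpKey, String user, String audience, long expiry)
            throws GeneralSecurityException {
        String claims = user + "|" + audience + "|" + expiry;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(idpKey);
        s.update(claims.getBytes(StandardCharsets.UTF_8));
        return claims + "|" + Base64.getEncoder().encodeToString(s.sign());
    }

    // Plugin side (hypothetical): returns the user only if signature, audience and expiry all hold.
    static String recheck(PublicKey idpPub, String token, String audience, Instant now)
            throws GeneralSecurityException {
        String[] p = token.split("\\|", -1);
        if (p.length != 4) return null;
        byte[] sig;
        long expiry;
        try {
            sig = Base64.getDecoder().decode(p[3]);
            expiry = Long.parseLong(p[2]);
        } catch (IllegalArgumentException e) {
            return null; // malformed signature or expiry field
        }
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(idpPub);
        s.update((p[0] + "|" + p[1] + "|" + p[2]).getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) return null;                 // claims altered or not signed by the IdP
        if (!p[1].equals(audience)) return null;         // assertion was issued for another service
        if (now.getEpochSecond() >= expiry) return null; // stale assertion being replayed
        return p[0];
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair idp = g.generateKeyPair(); // constructed key pair for the demo
        Instant now = Instant.now();
        String t = issue(idp.getPrivate(), "jdoe", "midtier-sp", now.getEpochSecond() + 60);
        System.out.println("valid:    " + recheck(idp.getPublic(), t, "midtier-sp", now));
        System.out.println("tampered: " + recheck(idp.getPublic(), "root" + t.substring(4), "midtier-sp", now));
        System.out.println("audience: " + recheck(idp.getPublic(), t, "other-sp", now));
        System.out.println("expired:  " + recheck(idp.getPublic(), t, "midtier-sp", now.plusSeconds(120)));
    }
}
```

With a real SAML assertion the same three checks apply to the XML signature, the audience restriction and the validity conditions, done with a SAML library rather than this simplified format.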

