Thanks, Adam. I'll take a look at that issue, and the patch. -- Scott
aj...@virginia.edu wrote: > Scott-- > > We're using the functionality advertised here: > > https://wiki.duraspace.org/display/FCR30/Authentication+and+User+Attributes > > and having a good deal of success. Be advised, however, that current Fedora > code includes a bug as detailed here: > > https://jira.duraspace.org/browse/FCREPO-847 > > for which Bill Niebel and I have provided a patch (included in that same JIRA > issue). With that bug patched, we've had no difficulty writing XACML policies > against user attributes provided in Shibboleth HTTP-headers. > > I simply haven't been able to reckon on any way to integrate our instance of > Shibboleth (which uses PubCookie for authn) and FeSL, but that's to do with > our instance. In general, though, it's not clear to me that there is a > graceful way of setting up JAAS with Shibboleth as a provider. > > --- > A. Soroka > Digital Research and Scholarship R & D and Online Library Environment > the University of Virginia Library > > > > > On Jan 12, 2011, at 12:05 PM, Scott Prater wrote: > >> Adam, Chris -- >> >> We also plan to start some experimenting with linking Shibboleth to >> Fedora soon. We haven't looked at FeSL yet, but I'd be interested in >> hearing others' experiences on this front. >> >> -- Scott >> >> aj...@virginia.edu wrote: >>> Thanks, Chris-- >>> >>> In fact, we have moved on to using Shibboleth authn with attributes (with >>> PubCookie-supported authn) for our purposes, which means that not only are >>> we not going to try to leverage the PubCookie code, but we will not be >>> using FeSL authn. It's not at all clear to me how to usefully connect >>> Shibboleth and JAAS to support FeSL authn. We would like to use FeSL authz. >>> We aren't finding it stable enough yet for our needs this spring, but we >>> look forward to using it soon. >>> >>> --- >>> A. Soroka >>> Digital Research and Scholarship R & D and Online Library Environment >>> the University of Virginia Library >>> >>> >>> >>> >>> On Jan 12, 2011, at 10:59 AM, Chris Wilper wrote: >>> >>>> On Fri, Dec 24, 2010 at 12:51 PM, <aj...@virginia.edu> wrote: >>>>> In org.fcrepo.server.security.servletfilters.pubcookie, I find a servlet >>>>> filter that is apparently designed to offer non-FeSL PubCookie >>>>> authentication. I don't, however, find any mention of this code in the >>>>> documentation. >>>> This was developed a long time ago and I could be wrong, but I don't >>>> think it ever worked. I expect it will be cleaned up as part of the >>>> eventual migration to FeSL's AuthN. >>>> >>>>> I'm wondering if this is supported functionality, if anyone is using it, >>>>> and if there is any documentation about how to use it? Our local >>>>> PubCookie service is our SSO, and we'd like to authenticate against it >>>>> and retrieve attributes for authorization from the Shibboleth service >>>>> associated with it. >>>>> >>>>> Is this configuration supported by >>>>> org.fcrepo.server.security.servletfilters.pubcookie, or can >>>>> org.fcrepo.server.security.servletfilters.pubcookie be leveraged as the >>>>> authentication step in this design? >>>> I'm not really familiar with pubcookie (or that code) myself, so I >>>> can't say whether it can be leveraged for what you want it to do. But >>>> I'd definitely advise looking for newer, proven-working code out >>>> there, and considering plugging it in the new way, via FeSL authN, if >>>> you do. >>>> >>>> - Chris >>>> >>>> ------------------------------------------------------------------------------ >>>> Protect Your Site and Customers from Malware Attacks >>>> Learn about various malware tactics and how to avoid them. Understand >>>> malware threats, the impact they can have on your business, and how you >>>> can protect your company and customers by using code signing. >>>> http://p.sf.net/sfu/oracle-sfdevnl >>>> _______________________________________________ >>>> Fedora-commons-users mailing list >>>> Fedora-commons-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >>> >>> ------------------------------------------------------------------------------ >>> Protect Your Site and Customers from Malware Attacks >>> Learn about various malware tactics and how to avoid them. Understand >>> malware threats, the impact they can have on your business, and how you >>> can protect your company and customers by using code signing. >>> http://p.sf.net/sfu/oracle-sfdevnl >>> _______________________________________________ >>> Fedora-commons-users mailing list >>> Fedora-commons-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >> >> -- >> Scott Prater >> Library, Instructional, and Research Applications (LIRA) >> Division of Information Technology (DoIT) >> University of Wisconsin - Madison >> pra...@wisc.edu >> >> ------------------------------------------------------------------------------ >> Protect Your Site and Customers from Malware Attacks >> Learn about various malware tactics and how to avoid them. Understand >> malware threats, the impact they can have on your business, and how you >> can protect your company and customers by using code signing. >> http://p.sf.net/sfu/oracle-sfdevnl >> _______________________________________________ >> Fedora-commons-users mailing list >> Fedora-commons-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > > ------------------------------------------------------------------------------ > Protect Your Site and Customers from Malware Attacks > Learn about various malware tactics and how to avoid them. Understand > malware threats, the impact they can have on your business, and how you > can protect your company and customers by using code signing. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users -- Scott Prater Library, Instructional, and Research Applications (LIRA) Division of Information Technology (DoIT) University of Wisconsin - Madison pra...@wisc.edu ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
