Hello

I have Adam's non-FeSL SSO servlet filter working with XACML. But now that 
it is working, I'd like to break things again.

At my institution, Shibboleth protected pages will redirect you to a login 
page, and upon successful authentication, send you back to the protected 
page. If Shibboleth is the only method of authentication and a required 
method, then this is fine for interacting with Fedora using a modern web 
browser.

But there are a few instances where this won't work well. The command line 
client utilities won't be able to authenticate you, as, with SSO, Fedora 
doesn't have access to your credentials.

A workaround here is to use a different host name when running the client 
utilities, e.g. localhost instead of the more qualified name that the SSO 
knows about.

Another example is that of chaining SSO authentication with the other 
methods found in FeSL (user file, LDAP etc.). FeSL takes your credentials, 
and then uses the methods specified in jaas.conf. Shibboleth requires that 
you visit a special page where you enter your credentials. I'm not sure 
whether it is possible for Fedora to take your username/password and 
conduct the SSO authentication behind the scenes, and if successful, 
replicate the HTTP headers and cookies, so that you stay signed on.

Looking at the authenticate method in AuthFilterJAAS.java, an 
authenticated subject is found in the session by using the value of the 
authorization HTTP header, which contains the username and password of the 
subject. So, even if you have authenticated using SSO, FeSL won't know 
this, and will ask you to authenticate again.

The filters should work independently of each other. But they should have 
some common way of recognising if you are logged in or not. And maybe they 
should have a common means of obtaining user credentials.

I don't have any answers or suggestions yet. Maybe someone else does.

Swithun.

-- 
The University of St Andrews is a charity registered in Scotland: SC013532

_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
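
Added example, not part of the original post and not Fedora's own code: a simplified Python model of the behaviour the post describes, where a session lookup keyed on the Authorization header cannot see an SSO login, next to a variant in which both filters record the subject under one shared session key. All names here (SUBJECT_KEY, the filter functions, the user store, the request dictionaries) are hypothetical.

```python
import base64

# Constructed user store standing in for the login modules named in jaas.conf.
USERS = {"fedoraAdmin": "s3cret"}
SUBJECT_KEY = "authenticated.subject"  # hypothetical shared session attribute


def basic_credentials(headers):
    """Return (user, password) from a Basic Authorization header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        user, sep, password = base64.b64decode(token).decode().partition(":")
    except ValueError:  # bad base64 padding or non-UTF-8 bytes
        return None
    return (user, password) if sep else None


def header_keyed_filter(request, session):
    """Model of the described lookup: the subject is cached under the
    Authorization header value, so an SSO login is invisible to it."""
    auth = request["headers"].get("Authorization")
    if auth and auth in session:
        return 200
    creds = basic_credentials(request["headers"])
    if creds and USERS.get(creds[0]) == creds[1]:
        session[auth] = creds[0]
        return 200
    return 401  # challenges again, even after a successful SSO login


def sso_filter(request, session):
    """Records the user name asserted by the web server / container.
    It reads request["remote_user"], never a client-supplied header."""
    if request.get("remote_user"):
        session[SUBJECT_KEY] = request["remote_user"]


def shared_key_filter(request, session):
    """Same password check, but first honours a subject stored by any filter."""
    if SUBJECT_KEY in session:
        return 200
    creds = basic_credentials(request["headers"])
    if creds and USERS.get(creds[0]) == creds[1]:
        session[SUBJECT_KEY] = creds[0]
        return 200
    return 401
```

The shared key is only as trustworthy as whatever writes it, so in this model the SSO filter takes the user name from the server-set field and ignores any request header a client could forge.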
