Hello,
I've managed to protect the OpenCA "pub" interface by a Shibboleth
Service Provider. After a user's authentication request to the
corresponding Shibboleth Identity Provider has been accepted, a SAML
Assertion, that contains a subset of the user's personal data:
- name
- mail-address
- organizational unit
- ...
is sent to the Service Provider and the data is available in the
Apache2 environment:
- HTTP_SHIB_PERSON_NAME
- HTTP_SHIB_PERSON_MAIL
- HTTP_SHIB_PERSON_OU
Now my intention is to map those Shibboleth variables into the
OpenCA environment in order to provide allready filled formular
(e.g. Basic Certificate Request) textfields. Therefore I'd like
to edit the initCGI script like this:
...
$cgi->param ("-name" => "OPENCA_DONT_KNOW_THE_NAME_01",
"-value" => $ENV{HTTP_SHIB_PERSON_NAME});
$cgi->param ("-name" => "OPENCA_DONT_KNOW_THE_NAME_02",
"-value" => $ENV{HTTP_SHIB_PERSON_MAIL});
$cgi->param ("-name" => "OPENCA_DONT_KNOW_THE_NAME_03",
"-value" => $ENV{HTTP_SHIB_PERSON_OU});
...
As you can see, I don't have a clue to what variable names I should
map the Shibboleth variables to. Could anybody please send me a list
of the OpenCA environment variables or just a hint where I can find
their declarations?
By the way, will this approach to edit the initCGI file succeed?
Is there more to do than just editing the initCGI file?
Markus
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid�0944&bid$1720&dat�1642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
