Hi Andi,

SAML is not currently available as a login option when granting sponsorship.

So you're not mis-configuring it. It's just not there :)

- Julien

On 2016-06-08 11:53 AM, Morris, Andi wrote:

Hi,

I’m trying to set up SAML authentication for my users connecting to sponsor a guest, and also potentially for my admin users, however I can’t seem to get PacketFence to attempt to authenticate the users with this source. I’ve even tried pushing the SAML section right to the top of the authentication.conf file.

The SAML conf is as below:

[Shib_dev]
description=Shib_dev
idp_ca_cert_path=/usr/local/pf/conf/ssl/idp.crt
idp_entity_id=https://idp.dev.cardiffmet.ac.uk/idp/shibboleth
idp_metadata_path=/usr/local/pf/conf/ssl/cardiffmet-dev-metadata.xml
username_attribute=urn:mace:shibboleth:2.0:attribute:encoder
dynamic_routing_module=AuthModule
idp_cert_path=/usr/local/pf/conf/ssl/idp.crt
sp_entity_id=https://pfguestdev.internal.uwic.ac.uk
type=SAML
authorization_source_id=DC1
sp_cert_path=/usr/local/pf/conf/ssl/server.crt
sp_key_path=/usr/local/pf/conf/ssl/server.key

[local]
description=Local Users
dynamic_routing_module=AuthModule
type=SQL

[file1]
description=Legacy Source
stripped_user_name=yes
path=/usr/local/pf/conf/admin.conf
dynamic_routing_module=AuthModule
type=Htpasswd

[file1 rule admins]
description=All admins
class=administration
match=all
action0=set_access_level=ALL

[DC1]
description=dc1
password=password
scope=sub
binddn=CN=ldappacketfence,CN=Users,DC=internal
basedn=OU=User Accounts,DC=internal
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=none
cache_match=1
dynamic_routing_module=AuthModule
port=389
type=AD
host=192.168.1.1

[DCLL01 rule Admin]
description=
class=administration
match=any
action0=set_access_level=ALL
action1=mark_as_sponsor=1
condition0=sAMAccountName,equals,admin

[DCLL01 rule All_staff]
description=
class=administration
match=any
action0=mark_as_sponsor=1
condition0=memberOf,equals,CN=STAFF,OU=User Accounts,DC=internal

I’m not expecting the actual SAML auth to work first time, but it doesn’t appear to be even trying to send the request to my IdP server.

Cheers,

Andi

------------------------------------------------------------------------

Cardiff Metropolitan University - Queens Anniversary Prizes 2015 <http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognised-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
