Hi Kevin,

Good comment.  It's true that using the default XWiki authenticator and
relying on a Tomcat or Apache level authenticator is always an easier way
than full protocol implementation.
However we usually also want to have the XWiki user be created with data
coming from the authentication.

Have you seen this done? Can you point out which SAML products you
know of that have a container-level implementation and that you have
seen working with XWiki?

Ludovic


2013/3/29 Kevin P. Foote <kpfo...@iup.edu>

>
> Just a comment.. (I'm a list watcher 99.9% of the time)
>
> XWIKI will work just fine with SAML products that engage at the
> container level.. You just use an HTTP auth type authenticator which there
> are a few out there in the contributions area.
>
> My advice would be to NOT write to the SAML protocol where this gets
> really intricate.. but to just let the known to work SAML products do
> their thing. Pulling the SAML bits into XWIKI does not buy you anything
> intricate to the product and just adds much more room for error on the
> authenticator.
>
> People wanting to implement their own SAML stack inside 'web appX'
> is a topic that always comes up on some of the lists I'm on and the SAML
> people always say there is really no reason to do this..
>
> IMO leave the SAML bits to SAML products** and use an HTTP authenticator
> that you like.
>
> ** Just to name a few:
>  - http://simplesamlphp.org/ ,
>  - http://shibboleth.net/ ,
>  - https://github.com/guanxi/guanxi-sp-guard ,
>
>
> ------
> thanks
>  kevin.foote
>
>
> On Fri, 29 Mar 2013, Valdis Vītoliņš wrote:
>
>> Nicolas,
>> If you'd be able to rebuild this module so that it at least compiles and
>> does something, I'd also be interested in trying it and contributing to
>> its development.
>>
>> Valdis
>>
>>> Hi Nicolas,
>>>
>>> If I remember correctly I wrote this authenticator and I think it
>>> requires some code in XWiki pages to manage the redirects but I don't
>>> think I have this code anymore.
>>> Plus it was for one custom SAML server and has not been tested with
>>> multiple ones.
>>>
>>> In any case it's a good basis for starting a SAML authenticator.
>>> If you are coding against a more widespread SAML server, do contribute
>>> your code :)
>>> You can take over the module fully as no backwards compatibility is
>>> needed.
>>>
>>> Ludovic
>>>
>> ...
>>
>> _______________________________________________
>> users mailing list
>> users@xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
>
>


-- 
Ludovic Dubost
Founder and CEO
Blog: http://blog.ludovic.org/
XWiki: http://www.xwiki.com
Skype: ldubost GTalk: ldubost