Thank you. In the meantime we have gotten Shibboleth working correctly and we have just added an auth login to the user method in the default controller for the app. This way, users are automatically logged in as soon as any routine has they call a method requiring login or a group membership.
So far seems to be working well. We are still ironing out some finer points of the implementation. Kind Regards, David On Monday, August 19, 2019 at 3:58:37 PM UTC+2, Pbop wrote: > > I am not familiar enough with how AUTH works but can offer a perspective > that might help to the level you want AUTH to support AD or SAML2 SSOs. > > In both AD and SAML using the Shibboleth IIS Plug-in, you are in essence > designating a protected folder on the IIS web-server to require > authentication. In other words, if you land to that protected folder and > are NOT authenticated, IIS presents to the user an IIS generated > Challenge/Response screen to enter credentials for AD or sends you to the > IDP server (which can be any SAML2 IDP such as Shibboleth, ADFS, Azzure, > Google, Okta... ) for authentication. In both cases once IIS determines you > are authenticated (not the web-app), you ultimately are redirected back to > the protected folder as an authenticated user. As an authenticated user, > your browser header now has your login id in the header for AD and whatever > identity attributes are released from the IDP server such as login id, > emaiil, employee number, full name, shoe size... The catch to SAML2 is the > identity attributes can be whatever you agree to in the initial > configuration. > > My point is authentication is managed at the web-server and does not need > to be in the web application. What does need to be in the web application, > if AUTH is to be used, is some sort of mapping of the browser header > variables to appropriate columns and extending the data model if additional > identity attributes are needed once the user is authenticated. > > Perhaps I am over simplifying! Hope this helps! > > > On Sunday, August 18, 2019 at 1:35:32 AM UTC-4, Massimo Di Pierro wrote: >> >> web2py or py4web? I could use some help getting it to work for py4web. >> >> On Thursday, 1 August 2019 07:08:10 UTC-7, Davidiam wrote: >>> >>> We are working on a Shibboleth implementation now. So far it is working >>> better than the other tests we did on Windows. >>> >>> We wanted to test it using a localhost Shibboleth sp and idp but it >>> wasn't clear to us how we needed to configure it. >>> >>> Thanks for the tip! >>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/0daf7711-43dc-43d8-bfc1-36d18856ecaf%40googlegroups.com.
