I too could use more info about how to use web2py SAML with Shibboleth. In particular I would like some help testing py4web with Shibboleth to make sure it is compliant.
On Tuesday, 22 October 2019 04:34:53 UTC-7, Davidiam wrote:
>
> Thank you. In the meantime we have gotten Shibboleth working correctly and we have just added an auth login to the user method in the default controller for the app.
> This way, users are automatically logged in as soon as any routine has they call a method requiring login or a group membership.
>
> So far seems to be working well. We are still ironing out some finer points of the implementation.
>
> Kind Regards,
> David
>
> On Monday, August 19, 2019 at 3:58:37 PM UTC+2, Pbop wrote:
>>
>> I am not familiar enough with how AUTH works but can offer a perspective that might help to the level you want AUTH to support AD or SAML2 SSOs.
>>
>> In both AD and SAML using the Shibboleth IIS Plug-in, you are in essence designating a protected folder on the IIS web-server to require authentication. In other words, if you land to that protected folder and are NOT authenticated, IIS presents to the user an IIS generated Challenge/Response screen to enter credentials for AD or sends you to the IDP server (which can be any SAML2 IDP such as Shibboleth, ADFS, Azure, Google, Okta... ) for authentication. In both cases once IIS determines you are authenticated (not the web-app), you ultimately are redirected back to the protected folder as an authenticated user. As an authenticated user, your browser header now has your login id in the header for AD and whatever identity attributes are released from the IDP server such as login id, email, employee number, full name, shoe size... The catch to SAML2 is the identity attributes can be whatever you agree to in the initial configuration.
>>
>> My point is authentication is managed at the web-server and does not need to be in the web application. What does need to be in the web application, if AUTH is to be used, is some sort of mapping of the browser header variables to appropriate columns and extending the data model if additional identity attributes are needed once the user is authenticated.
>>
>> Perhaps I am oversimplifying! Hope this helps!
>>
>>
>> On Sunday, August 18, 2019 at 1:35:32 AM UTC-4, Massimo Di Pierro wrote:
>>>
>>> web2py or py4web? I could use some help getting it to work for py4web.
>>>
>>> On Thursday, 1 August 2019 07:08:10 UTC-7, Davidiam wrote:
>>>>
>>>> We are working on a Shibboleth implementation now. So far it is working better than the other tests we did on Windows.
>>>>
>>>> We wanted to test it using a localhost Shibboleth sp and idp but it wasn't clear to us how we needed to configure it.
>>>>
>>>> Thanks for the tip!
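
The header-to-column mapping described in the quoted message above, as an added example that is not part of the thread and is not web2py or py4web code. The header names, the use of `REMOTE_USER` as the server's authentication signal, and the in-memory SQLite `auth_user` table are assumptions made for illustration.

```python
import sqlite3

# Assumed header names: the real ones are whatever the SP and IdP agree to release.
ATTRIBUTE_MAP = {
    "HTTP_LOGIN_ID": "username",
    "HTTP_EMAIL": "email",
    "HTTP_FULL_NAME": "full_name",
    "HTTP_EMPLOYEE_NUMBER": "employee_number",  # extra column added to the data model
}

SAMPLE_ENVIRON = {  # constructed request environment, as the web server would pass it on
    "REMOTE_USER": "jdoe",
    "HTTP_LOGIN_ID": "jdoe",
    "HTTP_EMAIL": "jdoe@example.org",
    "HTTP_FULL_NAME": "Jane Doe",
    "HTTP_EMPLOYEE_NUMBER": "1042",
}

def make_db():
    """In-memory stand-in for the application's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
               "email TEXT, full_name TEXT, employee_number TEXT)")
    return db

def identity_from_environ(environ, attribute_map=ATTRIBUTE_MAP):
    """Return {column: value} for a request the web server authenticated, else None."""
    # Assumption: REMOTE_USER is set by the web server only after authentication, and
    # the app is reachable only through that server, so these values are not client-set.
    if not environ.get("REMOTE_USER"):
        return None
    record = {}
    for header, column in attribute_map.items():
        value = (environ.get(header) or "").strip()
        if value and value.isprintable():  # skip empty values and control characters
            record[column] = value
    # The mapped login id must agree with the identity the server authenticated.
    return record if record.get("username") == environ["REMOTE_USER"] else None

def upsert_user(db, record):
    """Create the user on first login, refresh released attributes on later ones."""
    cols = list(record)  # column names come from ATTRIBUTE_MAP, never from the request
    values = [record[c] for c in cols]
    row = db.execute("SELECT id FROM auth_user WHERE username=?", (record["username"],)).fetchone()
    if row is None:
        marks = ", ".join("?" * len(cols))
        return db.execute(f"INSERT INTO auth_user ({', '.join(cols)}) VALUES ({marks})", values).lastrowid
    db.execute(f"UPDATE auth_user SET {', '.join(c + '=?' for c in cols)} WHERE id=?", values + [row[0]])
    return row[0]
```
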