Download presentation
Presentation is loading. Please wait.
Published byBuddy Hutchinson Modified over 6 years ago
1
Shibboleth SP Update Spring 2012 Scott Cantor cantor.2@osu.edu
2
https://wiki.shibboleth.net/confluence/display/DEV/SPRoadmap
SP V2.5 See bottom of page for list of bug fixes and feature additions Alpha RPM releases available from Targeting a Summer release Significant note: Solaris build will be “hard” due to limitations of platform/compiler; gcc may become a better choice
3
Packaging Run as non-root (done)
Version-independent web content (done) Protect conf.d/shib.conf Apache settings (done) Init script support for /etc/sysconfig/shibd (done) Working towards Windows upgrade support (expected)
4
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogging
Audit Logging Backward compatible if not specially configured Deployer-selected fields, format, delimiters, etc. Open to input on new defaults
5
“Boarding” / Error Handling
Leverage information about attributes required by a service Validate requirements at login time before transfer of control back to resources Handle missing attributes with customized error responses
6
“Boarding” / Error Handling
New plugins that can extract useful info from metadata (errorURL, contacts, descriptions, policy links) “Metadata AttributeExtractor” Post-login validation Generic “sessionHook” feature “Attribute Checker” endpoint <Handler type="AttributeChecker" Location="/AttrChecker" attributes=”eppn displayName” template="attrChecker.html" flushSession="true"/>
7
Attribute Munging Transform AttributeResolver
<AttributeResolver type="Transform" source="displayName"> <Regex match="^(.+) (.+)$" dest="givenName">$1</Regex> <Regex match="^(.+) (.+)$" dest="sn">$2</Regex> </AttributeResolver> Template AttributeResolver <AttributeResolver type="Template" source="givenName sn" dest="displayName"> <Template>$givenName $sn</Template> </AttributeResolver>
8
Back Door Integration OpenID Connect not supported yet. Since it's so easy, you can do it. Two mechanisms: Generate a SAML ArtifactResponse message in a file; generate a matching artifact for client to submit using SAML artifact binding. Generate SAML assertion and submit to from server-side script, get back session cookie to give to client
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.