Release 6.8.6
this just adds the extra path for shibboleth-based login. The site's now configured to pass all such requests through shibd, while leaving other login requests alone.

This is now working through the test IdP, though I did have to modify the tomcat config to get it to pick up on the REMOTE_USER variable set by shibd: set tomcatAuthentication to false so that tomcat receives the variable propagated by apache.

So: you can now make a login request to our site, get redirected to an identity provider and redirected back to us. The login code will see your authenticated identity (well, enough to decide whether or not to grant access) and will log you into the site.

Remaining work: register our service provision details with the federation, integrate their metadata and offer a directory/where-are-you-from service from our login page. Getting there...

T

Labels: config, release, shibboleth

- posted by Tim Bruce @ 3:35 PM