Shibboleth/Dataverse Network integration
Philip Durbin
philip_durbin at harvard.edu
Mon Feb 11 17:03:06 EST 2013
On Thu, Feb 7, 2013 at 6:04 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>> I plan to use https://github.com/dvn/shibpoc to learn about
>> Shibboleth. I was thinking I'd follow the Service Provider
>> instructions at http://testshib.org and see if I can get a basic setup
>> with Apache. No Glassfish, no Java EE... just try to protect
>> https://yourhost.org/secure/ with a Shibboleth login per the tutorial.
>
> Ok, I don't know what your code is intending to do, exactly, but any code you would write involving use of a Shibboleth SP is meant to confine itself to pulling CGI information or using redirects to request certain things to happen. It's not an API you code to in Java or a library.

Just a quick follow-up that https://github.com/dvn/shibpoc does
something useful now. And it has a much improved readme. :)

It uses Puppet to configure https://dvn-vm2.hmdc.harvard.edu with
https://testshib.org , including setting up
/etc/shibboleth/shibboleth2.xml with the contents of
https://www.testshib.org/cgi-bin/sp2config.cgi?dist=Others&hostname=dvn-vm2.hmdc.harvard.edu

That's where my automation ends. Then I manually register with
TestShib by uploading
https://dvn-vm2.hmdc.harvard.edu/Shibboleth.sso/Metadata to
https://www.testshib.org/metadata.html

And... it works! https://dvn-vm2.hmdc.harvard.edu/secure/ is protected
behind a TestShib login page. After login, I can see the content I
expect, which is great.

I can see how this would be useful for protecting directories from the
public. Perhaps you could put licensed software in that directory and
have your students log into your IdP before they can download it.

I still have a long way to go... Rather than protecting a static
directory of files, my actual goal is to incorporate Shibboleth into
the authentication system for our Glassfish app (as I've mentioned
before). Just getting something to work with TestShib feels like
progress though. And I have a better understanding of all the
exchanges that happen.

I'm not quite sure which direction I'll go next. I may take a look at
http://code.google.com/p/websso/ which uses
https://wiki.shibboleth.net/confluence/display/OpenSAML/Home/ after a
conversation I had with a guy in #glassfish on Freenode:
http://www.evanchooly.com/logs/%23glassfish/2013-02-07

And I'll be sure to check out the links that people on this list have sent me.

Thanks for listening,

Phil
--
Philip Durbin
Software Developer for http://thedata.org
http://www.iq.harvard.edu/people/philip-durbin
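
The quoted reply says an application behind a Shibboleth SP should confine itself to pulling CGI information; the sketch below is an added example (not code from shibpoc or the Shibboleth project) of a script under a protected location such as /secure/ doing that. It assumes the SP exports attributes as environment variables and that attribute-map.xml maps `eppn` and `affiliation`; the helper names and sample values are constructed for illustration.

```python
import re

# Variables the SP sets in the environment for every active session.
SESSION_VARS = ("Shib-Session-ID", "Shib-Identity-Provider")


class NoShibSession(Exception):
    """The request did not arrive through an SP-protected location."""


def split_values(raw):
    # The SP joins multiple values with ';' and escapes a literal ';' with a backslash.
    return [v.replace("\\;", ";") for v in re.split(r"(?<!\\);", raw) if v]


def shib_identity(environ, wanted=("eppn", "affiliation")):
    """Return SP-asserted session data from a CGI/WSGI environment dict.

    Only server-set variables are read. Anything a client sends as a request
    header reaches CGI as HTTP_<NAME>, so those keys are never consulted and
    a forged header cannot stand in for a real session.
    """
    missing = [k for k in SESSION_VARS if not environ.get(k)]
    if missing:
        raise NoShibSession("missing " + ", ".join(missing))
    identity = {
        "session_id": environ["Shib-Session-ID"],
        "idp": environ["Shib-Identity-Provider"],
        "attributes": {},
    }
    for name in wanted:  # assumed attribute ids from attribute-map.xml
        if environ.get(name):
            identity["attributes"][name] = split_values(environ[name])
    return identity


# Constructed sample environments (not captured from a real deployment).
GOOD = {
    "Shib-Session-ID": "_constructed_session_id",
    "Shib-Identity-Provider": "https://idp.example.org/idp/shibboleth",
    "eppn": "student@example.org",
    "affiliation": "member@example.org;staff@example.org",
}
# Same names sent by a client as request headers: must not be accepted.
SPOOFED = {"HTTP_SHIB_SESSION_ID": "_forged", "HTTP_EPPN": "admin@example.org"}
```
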