Get Shibboleth environment variables with Python

James Dore james.dore at new.ox.ac.uk
Tue May 13 11:28:30 EDT 2014


Ok, I *think* that’s happening - we’re having the eduPersonPrincipalName (eppn) attribute released to us at the moment by our IdP team, and it appears in the attribute-map.xml as being given id=eppn 

Within Apache, the config looks thus: (that appears to be putting the attribute in the http headers, can I do both headers and variable?)

<Location /secure>
	AuthType shibboleth
	ShibRequestSetting requireSession 1
	ShibUseHeaders on
	require valid-user
	require affiliation ~ ^.+@ox\.ac\.uk$
#	ProxyPass https://gatekeeper.new.ox.ac.uk/secure
#	ProxyPassReverse https://gatekeeper.new.ox.ac.uk/secure
	RequestHeader set REMOTE_USER "%{eppn}e"
</Location>
<Location /cgi-bin>
	AuthType shibboleth
	ShibRequestSetting requireSession 1
	ShibUseHeaders on
	require valid-user
	require affiliation ~ ^.+@ox\.ac\.uk$
	RequestHeader set REMOTE_USER "%{eppn}e"
</Location>


I’ve lost track of whether anything else is required.

Cheers,
James


On 13 May 2014, at 15:47, Dave Perry <Dave.Perry at hull-college.ac.uk> wrote:

> James
> 
> For me to shibbolise existing services (moodle/Heritage) I had to tell the SP to accept the necessary attributes. I also had to set the IdP's attribute-filter / attribute-resolver .xmls to allow these SPs to get more than just the standard (transientID, computedID and eduPersonScopedAffiliation) attributes that we release to all UK Federation SPs.
> 
> Hope that helps,
> 
> Dave
> 
> _________________________________________________
> Dave Perry
> eLearning Technologist, Hull College Group
> 
> Room L34 - Queens Gardens Library
> Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
> Extension 2230 / Direct Dial 01482 381930
> 
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of James Dore
> Sent: 13 May 2014 15:42
> To: Shib Users
> Subject: Get Shibboleth environment variables with Python
> 
> Hi list,
> 
> I'm trying to set up our Wireless authentication portal to use Shibboleth, so that we may make use of our University's Single-Sign On system within our unit.
> 
> We have a simple web-based portal supplied by the wifi vendor (Ruckus) which will allow authenticated access (against a local RADIUS server) and unauthenticated access by just providing an email address to it. I have hidden this behind a Shibboleth SP (Windows, Apache 2.2, Python 2.7) and will be using the unauthenticated part of the portal, figuring the user has *just* authenticated to Shibboleth and is therefore OK. It also simplifies the Wireless login process considerably, as the incoming attributes (email address) don't have to exactly match any held in a RADIUS server.
> 
> The portal is made up of a mix of Python scripts and a JavaScript page. I'd like to grab the data coming from a Shibboleth session with Python and pass it to the controller so the user only has to enter data once, at the Shibboleth login page.
> 
> How do I capture the Shibboleth environment variables with Python? I've written a small script that dumps out all the OS variables which Python can see, and it runs immediately after a Shibboleth login. I was expecting to see REMOTE_USER at least, but it does not appear. 
> 
> Am I considering the correct environment variables? Do I need to do something within the shibd config to enable it?
> 
> Many thanks for considering what are undoubtedly basic questions - however, I've been googling for a while and can't tell if I've got hold of the wrong end of the stick, have misunderstood something obvious, or am just missing some vital piece of info!
> 
> Cheers,
> James

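An added example, not part of the original messages and not Shibboleth project code: a helper for a Python CGI script behind the SP that looks for the principal first in the server-set variables (`eppn`, `REMOTE_USER`) and only on explicit opt-in in header-derived `HTTP_*` variables, then checks the scope. The function names, the `allow_headers` switch and the sample environments are assumptions made for illustration; under CGI a request header reaches the script with an `HTTP_` prefix, so a header named `REMOTE_USER` shows up as `HTTP_REMOTE_USER`.

```python
import os
import re

ALLOWED_SCOPE = "ox.ac.uk"   # scope from the Apache rule in the post
EPPN_RE = re.compile(r"^[^@;\s]+@([A-Za-z0-9.-]+)$")  # one value, user@scope


def cgi_header_name(name):
    """Name under which CGI (RFC 3875) exposes a request header."""
    return "HTTP_" + name.upper().replace("-", "_")


def _check(value, source):
    """Accept a single user@scope value whose scope is ALLOWED_SCOPE."""
    match = EPPN_RE.match(value)
    if not match or match.group(1).lower() != ALLOWED_SCOPE:
        return None, "rejected value from " + source
    return value, source


def shib_identity(environ=None, attr="eppn", allow_headers=False):
    """Return (principal, source), or (None, reason) if nothing usable."""
    environ = os.environ if environ is None else environ
    # Variables exported by the server module: a client cannot set these.
    for name in (attr, "REMOTE_USER"):
        value = environ.get(name, "").strip()
        if value:
            return _check(value, "env:" + name)
    # Header-derived variables are read only on explicit opt-in, because
    # they originate in the request unless the server overwrites them.
    if allow_headers:
        for name in (cgi_header_name(attr), cgi_header_name("REMOTE_USER")):
            value = environ.get(name, "").strip()
            if value:
                return _check(value, "header:" + name)
    return None, "no Shibboleth attribute in environment"


if __name__ == "__main__":
    # Constructed sample environments, not captured from a real SP.
    samples = [
        {"eppn": "abcd1234@ox.ac.uk", "REMOTE_USER": "abcd1234@ox.ac.uk"},
        {"HTTP_REMOTE_USER": "abcd1234@ox.ac.uk"},
        {"eppn": "someone@example.org"},
    ]
    for env in samples:
        print(shib_identity(env), shib_identity(env, allow_headers=True))
```
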

