Get Shibboleth environment variables with Python
Dave Perry
Dave.Perry at hull-college.ac.uk
Tue May 13 11:29:46 EDT 2014
On one of my custom bits of code, I put the headers into variables then processed them from there. Surely Python can do something similar? (not my area)
_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group
Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930
Please rate our service in the annual Libraries & eLearning User survey.
You could win a £15 Amazon voucher!
For staff - http://library.hull-college.ac.uk/staffsurvey
For students - http://library.hull-college.ac.uk/survey
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of James Dore
Sent: 13 May 2014 16:28
To: Shib Users
Subject: Re: Get Shibboleth environment variables with Python
Ok, I *think* that's happening - we're having the eduPersonPrincipalName (eppn) attribute released to us at the moment by our IdP team, and it appears in the attribute-map.xml as being given id=eppn
Within Apache, the config looks thus: (that appears to be putting the attribute in the HTTP headers, can I do both headers and variable?)
<Location /secure>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    ShibUseHeaders on
    require valid-user
    require affilitation ~ ^.+@ox\.ac\.uk$
    # ProxyPass https://gatekeeper.new.ox.ac.uk/secure
    # ProxyPassReverse https://gatekeeper.new.ox.ac.uk/secure
    RequestHeader set REMOTE_USER "%{eppn}e"
</Location>
<Location /cgi-bin>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    ShibUseHeaders on
    require valid-user
    require affilitation ~ ^.+@ox\.ac\.uk$
    RequestHeader set REMOTE_USER "%{eppn}e"
</Location>
I've lost track of whether anything else is required.
Cheers,
James
On 13 May 2014, at 15:47, Dave Perry <Dave.Perry at hull-college.ac.uk> wrote:
> James
>
> For me to shibbolise existing services (Moodle/Heritage) I had to tell the SP to accept the necessary attributes. I also had to set the IdP's attribute-filter / attribute-resolver .xmls to allow these SPs to get more than just the standard (transientID, computedID and eduPersonScopedAffiliation) attributes that we release to all UK Federation SPs.
>
> Hope that helps,
>
> Dave
>
> -----Original Message-----
> From: users-bounces at shibboleth.net
> [mailto:users-bounces at shibboleth.net] On Behalf Of James Dore
> Sent: 13 May 2014 15:42
> To: Shib Users
> Subject: Get Shibboleth environment variables with Python
>
> Hi list,
>
> I'm trying to set up our Wireless authentication portal to use Shibboleth, so that we may make use of our University's Single-Sign On system within our unit.
>
> We have a simple web-based portal supplied by the wifi vendor (Ruckus) which will allow authenticated access (against a local RADIUS server) and unauthenticated access by just providing an email address to it. I have hidden this behind a Shibboleth SP (Windows, Apache2.2, Python 2.7) and will be using the unauthenticated part of the portal, figuring the user has *just* authenticated to Shibboleth and is therefore OK. It also simplifies the Wireless login process considerably, as the incoming attributes (email address) don't have to exactly match any held in a RADIUS server.
>
> The portal is made up of a mix of Python scripts and a JavaScript page. I'd like to grab the data coming from a Shibboleth session with Python and pass it to the controller so the user only has to enter data once, at the Shibboleth login page.
>
> How do I capture the Shibboleth environment variables with Python? I've written a small script that dumps out all the OS variables which Python can see, and it runs immediately after a Shibboleth login. I was expecting to see REMOTE_USER at least, but it does not appear.
>
> Am I considering the correct environment variables? Do I need to do something within the shibd config to enable it?
>
> Many thanks for considering what are undoubtedly basic questions - however, I've been googling for a while and can't tell if I've got hold of the wrong end of the stick, have misunderstood something obvious, or am just missing some vital piece of info!
>
> Cheers,
> James
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
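
Added example, not part of the original thread and not Shibboleth project code: a Python helper a CGI script could use to read the attributes discussed above, covering both the environment-variable export and the header export that "ShibUseHeaders on" produces (which CGI exposes under HTTP_* names). The sample environments and values are constructed, and the attribute ids eppn and affiliation are assumptions about the local attribute-map.xml.

```python
import os
import re

# Split on ';' that is not preceded by a backslash (the SP escapes a literal ';' as '\;').
_VALUE_SEP = re.compile(r'(?<!\\);')


def header_name(attr_id):
    """CGI name of a request header: 'eppn' -> 'HTTP_EPPN'."""
    return 'HTTP_' + attr_id.upper().replace('-', '_')


def split_values(raw):
    """Return the list of values held in one exported attribute string."""
    return [v.replace('\\;', ';') for v in _VALUE_SEP.split(raw) if v]


def shib_attributes(environ, attr_ids, allow_headers=False):
    """Collect attributes by id, preferring server-set environment variables.

    Header-derived HTTP_* names are read only when allow_headers is True,
    because a request that reaches the script without passing through the SP
    could carry client-supplied headers of the same name.
    Returns {attr_id: (source, [values])}.
    """
    found = {}
    for attr_id in attr_ids:
        if environ.get(attr_id):
            found[attr_id] = ('env', split_values(environ[attr_id]))
        elif allow_headers and environ.get(header_name(attr_id)):
            found[attr_id] = ('header', split_values(environ[header_name(attr_id)]))
    return found


# Constructed sample environments, standing in for os.environ inside a CGI script.
ENV_MODE = {'REMOTE_USER': 'jdoe@example.org', 'eppn': 'jdoe@example.org',
            'affiliation': 'member@example.org;staff@example.org'}
HEADER_MODE = {'HTTP_REMOTE_USER': 'jdoe@example.org', 'HTTP_EPPN': 'jdoe@example.org'}

if __name__ == '__main__':
    wanted = ['REMOTE_USER', 'eppn', 'affiliation']
    print(shib_attributes(ENV_MODE, wanted))
    print(shib_attributes(HEADER_MODE, wanted))                     # {} : headers ignored
    print(shib_attributes(HEADER_MODE, wanted, allow_headers=True))
    print(shib_attributes(os.environ, wanted, allow_headers=True))  # live CGI use
```

The source tag in each result lets the calling script log or reject identities that arrived only as request headers.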