Which handler LDAP SSO
Peter Schober
peter.schober at univie.ac.at
Tue Nov 11 07:02:55 EST 2014
* Morris, Andi <amorris at cardiffmet.ac.uk> [2014-11-11 12:45]:
> I'm setting up a new Shibboleth IDP environment and I have some
> questions regarding the handlers. Our current environment is Windows
> based Apache Tomcat, and uses the RemoteUser handler which SSOs
> users against our active directory back end, although I can't find
> any info on how to configure RemoteUser to use LDAP.
It's RemoteUser as far as the IDP software is concerned. The LDAP
authentification will be configured in Apache Tomcat then, which in
turn speaks to your LDAP DSA.
> I'd like to move this to RedHat with Apache Tomcat and looking at
> the handlers in the wiki it actually seems that the username
> password handler would be better suited to what I need, however I'm
> not sure whether I can configure this for SSO. Is this possible? If
> not, is there any guidance on doing this with RemoteUser?
UsernamePassword is what you want.
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass
SSO comes from the PreviousSession handler, which is enabled by
default and doesn't need any additional configiuration, i.e. it will
Just Work.
-peter
More information about the users
mailing list