Authorization using shibboleth sso

Surinaidu Majji pioneer.suri at
Fri Nov 28 07:30:21 EST 2014

We have integrated Shibboleth web SSO into our application to authenticate
the user. Now we want to
do authorization for our application. Below is the process which I
am thinking of for authz.

- According to the Shibboleth IdP, the unauthenticated user is redirected to
  login.jsp from the IdP using the "ExternalAuth" (PasswordProtected) authentication
  method in "handler.xml".
- Once the user enters the username and password, the page is going to our
  and authenticates whether the user is valid or not.
  Here I want to get the permissions for the user if he is authenticated.
- Now again the user is redirected to the IdP with **some information** along with the
  so the IdP redirects to our service provider with those permissions; now we can
  control the authorization
  for the users.

We are already getting user information like user name and sessionId by
using 'Principle', which is set in the 'attribute-resolver.xml'.
Here I came to know that I have to deal with **attribute-resolver.xml**;
right now we are using
principle and transientId in this XML. So I know I could get the required
info (permissions) from the SAML response
from the Shibboleth IdP.

So please tell me how to deal with attribute-resolver.xml to add our
permissions for authorization.