Authorization using shibboleth sso
Surinaidu Majji
pioneer.suri at gmail.com
Fri Nov 28 07:30:21 EST 2014
We have integrated Shibboleth web SSO into our application to authenticate
the user. Now we want to do authorization for our application. Below is the
process I am thinking of for authz.
- According to the Shibboleth IdP, the unauthenticated user is redirected to
login.jsp from the IdP using the "ExternalAuth" (PasswordProtected)
authentication method in "handler.xml".
- Once the user enters the username and password, the page goes to our
database and checks whether the user is valid or not.
Here I want to get the permissions for the user if he is authenticated.
- Now the user is again redirected to the IdP with **some information** along
with the permissions, so the IdP redirects to our service provider with those
permissions; now we can control the authorization for the users.
We are already getting user information like user name and sessionId by
using 'Principle', which is set in the 'attribute-resolver.xml'.
Here I came to know that I have to deal with **attribute-resolver.xml**;
right now we are using principle and transientId in this XML. So I know I
could get the required info (permissions) from the SAML response from the
Shibboleth IdP.
So please tell me how to deal with attribute-resolver.xml to add our
permissions for authorization.