Monitoring Native Shibboleth Authentication

Izz Noland izz.noland at wepanow.com
Fri Jul 24 14:21:34 EDT 2015


Sorry for the quick post.  I see what you mean by webisoget.  I was hoping for something more programmatic that would be in-house.  But this looks promising. @Scott, if you have other approaches where I can script it myself, I would appreciate you pinging me offline with the idea.  Same goes for anyone out there doing something similar.

Thanks!

Izz Noland
Sr. Systems Engineer

izz.noland at wepanow.com
Toll Free 1(800)675-7639
100 Gilbert Drive | Alabaster, Alabama 35007

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Izz Noland
Sent: Friday, July 24, 2015 1:16 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Monitoring Native Shibboleth Authentication

Understood.  I wasn't planning for one script to accommodate each possible scenario.  In our case, we have huge confidence that if one IdP is able to log in, then all should be able to, unless the problem is on the other end.  With your reference to "every possible HTML scenario on the other end," I am assuming you are referencing the form IDs for username / password and submit?  If I am able to use curl to post, would storing the cookie be necessary in order to check the /Session page?  This was briefly discussed in InstallFest, but because there are n+1 implementations where n = federated entity, I was left with an impression that using bash (as is being done with a research entity in EU), there would be a way to take advantage of the ECP endpoint / assertion consumer service to accomplish my goal.  Again, assumption can be made that if IdP A is able to authenticate, then status = OK.

I hope that makes better sense.  I appreciate everyone's assistance.

Izz Noland

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Friday, July 24, 2015 12:39 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Monitoring Native Shibboleth Authentication

On 7/24/15, 12:10 PM, "users on behalf of Izz Noland" <users-bounces at shibboleth.net on behalf of izz.noland at wepanow.com> wrote:

>Test for successful authentication to our app for any given IdP which we have test credentials for.

You can't script one approach to that and accommodate every possible HTML scenario on the other end. Just won't work. That's the cost of tunnelling authentication through a dumb browser.

For a given IdP, you can use tools like webisoget to manage a login pretty easily, and for some set of IdPs you can probably come up with coverage, but not in the most general case.

-- Scott

-- 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net