Understanding on the Authentication methods and the LoginHandlers
sarath upadrista
upadrista.sarath at gmail.com
Thu May 28 06:36:36 EDT 2015
Hello,
I am using the Shibboleth IDP 2.4.0 version and not using the
Shibboleth's SP. We have written our own SP which will prepare the SAML
request and process the SAML response. We are using the
ExternalAuthentication Login handler with PasswordProtectedTransport
authentication method. I am trying to use the X.509 Authentication method.
Before that I am understanding what is the use of the
PasswordProtectedTransport authentication method. Here are some of my
questions:
1) What is the difference between the AuthenticationMethod and the
LoginHandler?
2) Are the AuthenticationMethod and LoginHandler tightly coupled?
Example: AuthenticationMethod -
"urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
LoginHandler type - "x509:X509"
According to my understanding the SP will prepare a SAML request to the
IDP. In the SAML request "AuthnContextClassRef" contains what kind of
Authentication method which it follows (PasswordProtectedTransport).
Now the IDP will process the SAML request and based on the requested
Authentication method, it chooses respective LoginHandler configured in the
"handlers.xml" file. In my case I am using ExternalAuthentication Login
handler with PasswordProtectedTransport authentication method.
After authentication, the IDP will prepare the SAML response with the
attributes which need to be released to SP.
Now below are few more questions which I have got:
1) Will the IDP be able to support multiple LoginHandlers?
2) Because I want to use the X.509 authentication method with
ExternalAuthentication, how can it be done with ExternalAuthentication?
Please correct me if I am wrong.
Thanks & Regards,
Sarath U
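
The flow described in the message above (the SP names an authentication method in AuthnContextClassRef, and the IdP matches it against the methods configured for each login handler), as an added example that is not part of the original post and is not Shibboleth's own code. The request, the handler labels and the handler table are constructed, and only exact URI matching is modelled.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Constructed AuthnRequest from a hypothetical custom SP (not a captured message).
AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" ID="_constructed1" Version="2.0"
    IssueInstant="2015-05-28T10:36:36Z">
  <saml:Issuer>https://sp.example.org/custom-sp</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{AC}X509</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

# Constructed stand-in for the handler configuration: each handler (labels are
# hypothetical) lists the authentication method URIs it is configured for.
HANDLERS = [
    ("handler-A", [AC + "PasswordProtectedTransport"]),
    ("handler-B", [AC + "X509"]),
]

def requested_methods(request_xml):
    """Return the AuthnContextClassRef URIs in the request, in document order."""
    root = ET.fromstring(request_xml)
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    return [r.text.strip() for r in refs if r.text and r.text.strip()]

def select_handler(requested, handlers):
    """Pick the first handler configured for a requested method (exact match).

    Assumptions of this model: an empty request list means "no preference" and
    the first handler is used; no match returns None, where a SAML IdP would
    answer with an error status instead of authenticating.
    """
    if not requested:
        return handlers[0][0] if handlers else None
    for method in requested:          # honour the SP's order of preference
        for label, methods in handlers:
            if method in methods:
                return label
    return None

if __name__ == "__main__":
    wanted = requested_methods(AUTHN_REQUEST)
    print(wanted, "->", select_handler(wanted, HANDLERS))
```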