SLO HTTP-Redirect endpoint with query-string parameters (/?sls).
Cameron Kerr
cameron.kerr at otago.ac.nz
Mon Sep 3 19:28:11 EDT 2018
Simply because it wasn't my project; I was just trying replicate and fix someone else's design choice.
When we first went with python3-saml, there were limited options I think with regard to python3. I've not heard to those two you have mentioned (thanks!). I think we also wanted to use nginx too...
My chief learning from this exercise is to strongly avoid using library based solutions within a SP application and to instead rely on external authentication and have a reverse-proxy take care of the AuthN contract. Not sure how well that would work with logout at the moment.... but it has to be much simpler for sure.
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Peter Schober
Sent: Monday, 3 September 2018 11:19 PM
To: users at shibboleth.net
Subject: Re: SLO HTTP-Redirect endpoint with query-string parameters (/?sls).
* Cameron Kerr <cameron.kerr at otago.ac.nz> [2018-09-03 03:37]:
> I'm trying to get the python3-saml demo-django project
> (https://github.com/onelogin/python3-saml/tree/master/demo-django)
> working nicely (including logout) with Shibboleth IdP version 3.2.1
Out of curiosity: Why not use the Shibboleth SP plus some middleware on the Django side for it (e.g. Brown's[1] or any other)?
Or, for demployments without a supported web server (i.e., without Apache httpd, MS-IIS or Nginx+fastcgi) some middleware for pysaml2[2]?
-peter
[1] https://github.com/Brown-University-Library/django-shibboleth-remoteuser
[2] https://github.com/knaperek/djangosaml2
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list