[External] Re: Can a Shibboleth service provider present itself as a SAML identity provider for federation?
Guillaume Rousse
guillaume.rousse at renater.fr
Wed Apr 24 10:52:53 EDT 2019
Le 24/04/2019 à 16:48, Graham Leggett a écrit :
> Protecting an Apache httpd based resource is straightforward and easy to
> understand, however the java application behind needs full access to all
> the SSO metadata in order to know what groups and attributes the end
> user has. It’s not as simple as passing the REMOTE_USER.
I guess you'll find what you need here:
https://wiki.shibboleth.net/confluence/display/SP3/AttributeAccess
BTW, there isn't any 'group' notion in SAML protocol AFAIK, only attributes.
Regards.
--
Guillaume Rousse
Pôle SSI
Tel: +33 1 53 94 20 45
www.renater.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3637 bytes
Desc: Signature cryptographique S/MIME
URL: <http://shibboleth.net/pipermail/users/attachments/20190424/2e7d16be/attachment.p7s>
More information about the users
mailing list