Shibboleth for Publishers

Peter Schober peter.schober at univie.ac.at
Thu Oct 17 07:06:31 EDT 2019


* Nikita Bernstein <nikitab at jomi.com> [2019-10-16 21:21]:
> We are looking to implement Shibboleth at JOMI (jomi.com) and are having a
> hard time finding implementation guidelines for publishers.  Could someone
> please direct me?

From a short off-list exchange we've established that the protected
resource is "a MERN stack on a Linux server", where "MERN" seems to
stand for MongoDB, Express, React, Node.js.

From what I can tell this means having either node or a
special-purpose process manager (such as pm2 or StrongLoop) listen to
HTTP requests directly, though everything may also be reverse-proxied
by a web server, often Nginx.

Even if this doesn't seem like the ideal environment to introduce the
Shibboleth SP into, it can certainly be done, e.g. when using Nginx by
using Shibboleth's FastCGI support with the add-on module:
https://github.com/nginx-shib/nginx-http-shibboleth
This assumes that the whole application will be reverse proxied by
Nginx, i.e. requests MUST NOT reach node or the process manager's HTTP
listener directly. (That's very likely a sane recommendation for a
production setup anyway.)
Swapping out Nginx (or newly introducing, if no production-grade web
server is part of the stack currently) Apache httpd as reverse proxy
may also be possible but will likely require more careful testing
(because AFAIK httpd doesn't buffer requests and may or may not allow
caching). OTOH you avoid having to compile Nginx from source (or use
their binary packages) in order to use the above 3rd party module,
AFAIU.

Though that may not be all that needs to be considered: The
application may also run on the client-side and use an API to
communicate with the server?
If that's the case then much of this (again) depends on the specifics
of the application and/or its framework. See this post for one answer:
http://shibboleth.net/pipermail/users/2018-July/041162.html
and this one for another:
http://shibboleth.net/pipermail/users/2018-April/039942.html

If anything (or everything) above is unclear please ask specific
questions about what is unclear and how.
I don't know what you don't know, so we'll have to iterate.

-peter
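
An added example, not part of the original message: a defense-in-depth guard for the requirement above that requests reach node only through the reverse proxy. It assumes Nginx runs on the same host and proxies over loopback; the function names and port 3000 are hypothetical.

```javascript
// Added example, not from the original post. Assumption: Nginx (with the
// Shibboleth module) runs on the same host and proxies to node over loopback.

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizePeer(addr) {
  if (typeof addr !== 'string') return '';
  const a = addr.toLowerCase();
  return a.startsWith('::ffff:') && a.includes('.') ? a.slice(7) : a;
}

// True only for loopback peers, i.e. the local reverse proxy.
function isLocalProxy(addr) {
  const a = normalizePeer(addr);
  if (a === '::1') return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(a);
  return m !== null && m[1] === '127' && m.slice(2).every((o) => Number(o) <= 255);
}

// Express-style middleware: decide on the TCP peer address, never on
// client-supplied headers such as X-Forwarded-For, which a caller that
// reaches the listener directly can set freely.
function requireReverseProxy(req, res, next) {
  if (isLocalProxy(req.socket && req.socket.remoteAddress)) return next();
  res.statusCode = 403;
  res.end('Forbidden: requests must arrive via the reverse proxy\n');
}

// Runs one constructed peer address through the middleware and returns
// 'next' when the request is passed on, or the HTTP status when rejected.
function check(remoteAddress) {
  let outcome = null;
  const res = { statusCode: 200, end() { outcome = this.statusCode; } };
  requireReverseProxy({ socket: { remoteAddress } }, res, () => { outcome = 'next'; });
  return outcome;
}

// Usage in the application (port 3000 is a hypothetical value):
//   app.use(requireReverseProxy);   // register before any other route
//   app.listen(3000, '127.0.0.1');  // bind to loopback, not 0.0.0.0
```

Binding the listener to loopback is the primary control; the middleware only catches a later misconfiguration that exposes the port.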

