Hi Kevin,
Good comment. It's true that using the default XWiki authenticator and
relying on a Tomcat or Apache level authenticator is always an easier way
than full protocol implementation.
However we usually also want to have the XWiki user be created with data
coming from the authentication.
Have you seen this done? Can you point out which SAML product that you
know of and that has a container level implementation and that you have
seen working with XWiki?
Ludovic
2013/3/29 Kevin P. Foote <kpfoote(a)iup.edu>
Just a comment.. (I'm a list watcher 99.9% of the time)
XWIKI will work just fine with SAML products that engage at the
container level.. You just use an HTTP auth type authenticator which there
are a few out there in the contributions area.
My advice would be to NOT write to the SAML protocol where this gets
really intricate.. but to just let the known to work SAML products do
their thing. Pulling the SAML bits into XWIKI does not buy you anything
intricate to the product and just adds much more room for error on the
authenticator.
People wanting to implement their own SAML stack inside 'web appX'
is a topic that always comes up on some of the lists I'm on and the SAML
people always say there is really no reason to do this..
IMO leave the SAML bits to saml products** and use an http authenticator
that you like.
** Just to name a few:
- http://simplesamlphp.org/
- http://shibboleth.net/
- https://github.com/guanxi/guanxi-sp-guard
------
thanks
kevin.foote
On Fri, 29 Mar 2013, Valdis Vītoliņš wrote:
Nicolas,
If you'd be able to rebuild this module so that it at least compiles and
does something, I'd also be interested in trying it and contributing to
its development.
Valdis
Hi Nicolas,
If I remember correctly I wrote this authenticator and I think it requires
some code in XWiki pages to manage the redirects but I don't think I have
this code anymore.
Plus it was for one custom SAML server and has not been tested with
multiple ones.
In any case it's a good basis for starting a SAML authenticator.
If you are coding against a more widespread SAML server, do contribute your
code :)
You can take over the module fully as no backwards compatibility is needed.
Ludovic
...
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users