Just a comment.. (I'm a list watcher 99.9% of the time)
XWIKI will work just fine with SAML products that engage at the
container level.. You just use a HTTP auth type authenticator which
there are a few out there in the contributions area.
My advice would be to NOT write to the SAML protocol where this gets
really intricate.. but to just let the known to work SAML products do
their thing. Pulling the SAML bits into XWIKI does not buy you anything
intricate to the product and just adds much more room for error on the
authenticator.
People wanting to implement their own SAML stack inside 'web appX'
is a topic that always comes up on some of the lists I'm on and the
SAML people always say there is really no reason to do this.. o
IMO leave the SAML bits to saml products** and use a http authenticator
that you like.
** Just to name a few:
-
http://simplesamlphp.org/ ,
-
http://shibboleth.net/ ,
-
https://github.com/guanxi/guanxi-sp-guard ,
------
thanks
kevin.foote
On Fri, 29 Mar 2013, Valdis Vītoliņš wrote:
Nicolas,
If you'd be able to rebuild this module that it at least compiles and
does something, I'd also be interested in trying it and contributing to
its development.
Valdis
Hi Nicolas,
If I remember correctly I wrote this authenticator and I think it requires
some code in XWiki pages to manage the redirects but I don't think I have
this code anymore.
Plus it was for one custom SAML server and has not been tested with
multiple ones.
In any case it's a good basis for starting a SAML authenticator.
If you are coding against a more widespread SAML server, do contribute your
code :)
You can takeover the module fully as no backwards compatibility is needed.
Ludovic
...
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users