Posts

Showing posts with the label Shibboleth

Shibboleth Idp with External Authn Configuration

Shibboleth IdP ships with several authentication flows by default, such as UsernamePassword, MFA, X509, Kerberos, SPNEGO and others. Today I am going to discuss in detail one more flow that Shibboleth IdP itself provides: the External flow. Use case: Shibboleth IdP supports an External Authn flow that can satisfy specific requirements, for example when your authentication database resides at some other location, or when some other servlet performs the authentication on the IdP's behalf (such as authentication at the Facebook or Google side). All such scenarios can be handled easily using the External Authn flow. The Shibboleth team has already written documentation for this, which you can read here. I am writing this document to explain it in more detail with an example. There are a few predefined steps that we need to follow to add a new custom flow to Shibboleth IdP, as per the Shibboleth guidelines. Let's assume we have to create a new flow named "Authn/Custom" in Shibbolet...

Set up Shibboleth SP as a SAML 2.0 service provider with G Suite

Prerequisites: a basic understanding of SAML 2.0, SSO and Shibboleth SP; an SP set up and working on your instance; an administrator account, which you need in order to register your SP with G Suite. G Suite setup: Log in to https://admin.google.com using your administrator account. Click Security > Set up single sign-on (SSO). Click the Download button to download the Google IdP metadata and the X.509 certificate. Now click Apps > SAML apps. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner. The Enable SSO for SAML Application window opens. Click SET UP MY OWN CUSTOM APP. We have already downloaded the certificate and IdP metadata, so click NEXT. On the Basic application information window, enter the Application name and Description values. In the Service Provider Details section, enter the following URLs into the Entity ID, ACS URL, and...

How to access Shibboleth as SP built in variables in your Application?

Most of the variables created by the SP are controlled by you and correspond to mapped attributes. A few are built into the SP and can't be renamed.

Variable: Meaning
Shib-Application-ID: The applicationId property derived for the request.
Shib-Session-ID: The internal session key assigned to the session associated with the request.
Shib-Identity-Provider: The entityID of the IdP that authenticated the user associated with the request.
Shib-Authentication-Instant: The ISO timestamp provided by the IdP indicating the time of authentication.
Shib-Authentication-Method: The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.
Shib-AuthnContext-Class: The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.
...

Attribute Authority, Command Line Interface (AACLI)

Today I encountered an interesting tool in Shibboleth IdP that checks the attribute resolver, the attribute filters and the metadata, so that you can know exactly what will happen in any given situation without starting the IdP. As a developer, I would say it's a great tool, since you don't have to restart your IdP again and again after every change. The tool is the Attribute Authority Command Line Interface (AACLI), which is located in the IDP_HOME/bin directory and is called aacli.sh or aacli.bat. How does it work? Make sure you have set IDP_HOME as a system environment variable. To check which attributes it will return for the user ID SysAdmin and the Service Provider entityID "https://domain.waheedtechblog.com/shibboleth":

aacli.bat --configDir=C:\idp\conf\ --principal=SysAdmin --requester=https://domain1.com/Shibboleth

Please check here for detailed information.

Configure Shibboleth Idp to achieve Single Sign-on with Zendesk

1. Introduction
Shibboleth is standards-based, open source middleware that provides web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access to protected online resources in a privacy-preserving manner. The Shibboleth Identity Provider supports the SAML 2 specification and is therefore ideal for use with Zendesk. This document describes the steps required to configure the Shibboleth 2.0 Identity Provider to achieve single sign-on with Zendesk.
2. Install Shibboleth IdP
The V2 Shibboleth Identity Provider is a standard Java web application based on the Servlet 2.4 specification and should run, for the most part, in any compatible servlet container. For this setup, I am going to use Apache Tomcat 7. Install and configure Apache Tomcat 7. Download the Shibboleth Identity Provider (V2.4.4) software package. Unzip the archive and uncomment <security-constraint>, <login-config...