COmanage Developers List

["Christopher J. Hubing" <>]

Road map looks good.

Under the issues tab, I noticed "IdP of Last Resort 
(https://bugs.internet2.edu/jira/browse/CO-44)." I wanted to share some 
work I did with integrating OpenID in front of a shib IDP.

The Flow:

Go to https://confluence.et-test.psu.edu/dashboard.action, 
click login in the upper right of the screen. You will be brought to a 
local Shibboleth discovery service. Click on OpenID. Select "OpenID 
Providers." You can select from a couple providers I chose rather 
arbitrarily or enter your own OpenID provider.

The Code:
The apache authentication is based on ModAuthOpenID 
(http://butterfat.net/wiki/Projects/ModAuthOpenID), but i modified it to 
use the email attribute as the REMOTE_USER if it is passed and matches 
the domain scope. I also had to fix a bug in libopkele (the openid lib 
that the module relies on) that prevented attribute exchange working 
with the Google.

The short-term result is to allow our users to give permissions to 
google users (or whoever) to access their restricted wiki spaces. 
However, this could be rolled into the COmanage distribution to allow 
easily plugging in OpenID auth to domesticated apps with having to punt 
to someone like Janrain or whatever other proxy login service that pops 
up.

Just thought I'd share.

-c


On Fri, 12 Nov 2010, Benn Oshrin wrote:

> An updated technical roadmap is now in JIRA.
>
> https://bugs.internet2.edu/jira/browse/CO
>
> (Click 'Road Map' on the left.)
>
> -Benn-

______________________________________________________________________
Christopher J. Hubing                Information Technology Services

                          Emerging Technologies
+1 814 865 8772                      Pennsylvania State University
http://www.personal.psu.edu/cjh