Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] SAML vars in self-service enrollment

Subject: COmanage Users List

List archive

Re: [comanage-users] SAML vars in self-service enrollment


Chronological Thread 
  • From: Dave Dykstra <>
  • To: Benn Oshrin <>
  • Cc: "" <>
  • Subject: Re: [comanage-users] SAML vars in self-service enrollment
  • Date: Wed, 19 Apr 2017 12:36:33 -0500
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=fnal.gov;
  • Ironport-phdr: 9a23:t8IiVhBQpDBCpNm/xdfNUyQJP3N1i/DPJgcQr6AfoPdwSPX6o8bcNUDSrc9gkEXOFd2CrakV1ayN6+u5ADZIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSijewZbJ/IA+4oAnNucUanJZuJrgswRbVv3VEfPhby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPXw7683trhnDUBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RDqv47t3RBLulSwKLCAy/n3JhcNsjaJbuBOhqAJ5w47Ie4GeKf5ycrrAcd8GWWZNW8BcWCJbAoO4coABEewPM+hFpIX5vlcCsweyCQyqCejyyDFHm2X20LU03eohDw/IwQ8uH9wBv3vIsdr6NqkdUeGuwanU0TnOde9a1Svn5YTWdB0qvPGCXah3ccrU0UQhGRnKjkuOpof4MT2U1ucNs3OH7+p6T+2klmkqpBx/ozey3coshI/JiZgRylze+iV5x5g1KMS+RUVmYtCkCINduz+UOodsX88uX29ltDwkxrEapJK3ZjUGxIkpyhLHdvCKfZWE7gj9WOqPITp0nm9pdbO7ihqo7EStyezxW8+p21hQtCVFiMPDtnUV2hzT9MeHTvx981+u2TmTyw/f9vxILVkpmqreNZIt27kwmYENvkjZGS/2hVn2g7SRdkU5/Oin9v7rYq38pp+bK497lB3xMrgvmsy4B+Q0KA8OX3WH+eS4073j+k75TK9Wgf0xl6nVqJHaJcIFqa6lGwJZzIgu5wyiAzu63tkUh2cLIE5YdB6dkoTlJl/DLOj9DfilglSslDlrx+rBPr3kGpjCM3bCn6r6cLZz7U5T0g4zwcpQ55JTFLENOOjzVVPptNzEEh85NBS5zP35B9V70IMeXnmCAq6fMKPOr1CI/OQvLPeQZIMLojryNeUq5+P2h38jhVAdZbWp3YcQaH2gAvtmJECZbmDqgtgbHmcFoBMyTPHxiFKcSz5TfG2/X6Y95jEgFIKmFpnPSpqsgLyHwCe0AIdWZmZYBVCQD3vkbZuLVOoRaHHaHsg0uDECU/CGUI871Bfm4AX3zbxgBuvS5iACs5//jp546/CFxj8o8jkhI82D3imhXmJvgnkBD2s6w6xXr0p0zhGM1rYu0K8QLsBa+/4cClRyDpXb1eEvTomoAg8=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99
Hi Benn,

I don't see that "<Location /registry>" section in the comanage
installation documentation; did I miss it? I tried adding it on my
machine but don't notice any difference. Can you give a specific
example where it makes a difference?

Dave

On Mon, Apr 17, 2017 at 06:39:35PM -0400, Benn Oshrin wrote:
> You typically would have something like this in your apache config...
>
> <Directory /var/www/html/registry/auth/login/>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> Require valid-user
> </Directory>
>
> <Location /registry>
> AuthType shibboleth
> Require shibboleth
> </Location>
>
> You only want to trigger authentication on the login pages, but you want
> the ENV variables set on other requests. You don't want to explicitly
> list enrollment URLs since in general there's not guarantee they won't
> change.
>
> Thanks,
>
> -Benn-
>
> On 4/17/17 12:22 PM, Paul Caskey wrote:
> > First of 2 quick questions?
> >
> > Is the right way to use IdP-asserted SAML vars in self-service
> > enrollment to just shibb-protect the enrollment URL?
> >
> > The mappings from env vars to form fields seems to be in place?
> >
> > Thanks!

Archive powered by MHonArc 2.6.19.

Top of Page