Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Grouper and federative login

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Grouper and federative login

Chronological Thread 
  • From: Peter Schober <>
  • To: Grouper Users Mailing List <>
  • Subject: Re: [grouper-users] Grouper and federative login
  • Date: Tue, 24 Feb 2009 17:27:25 +0100
  • Organization: Vienna University Computer Center

* Martin van Es
[2009-02-24 16:24]:
> After a successful authentication (eg Shibboleth) via some apache module,
> the
> only link to Grouper would be getRemoteUser(). This is a single valued
> string
> so I would have no knowledge about the institution that the user was
> authenticated against, unless I come up with a way to concatenate the
> user_id
> and institution
> (user_id@institution
> eg) to prevent duplicates, assuming that
> a user_id cannot contain a @ in this case.

As far as the identifiers are concerned: Shibboleth IdPs (or SAML
Attribute Authorities, for that matter) should release an identifier
that has a syntax and semantics to make it globally unique, possibly
even persistent. It's then the job of e.g. the Shibboleth SP (i.e. the
SAML relying party) to map one of those attibutes to REMOTE_USER
(e.g. eduPersonPrincipalName or eduPersonTargetedId).



- vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140

Archive powered by MHonArc 2.6.16.

Top of Page