Shibboleth Developers

[Scott Cantor <>]

In case inquiring minds wanna know, this is what the WebCT external
authentication scheme looks like.

-- Scott

-----Original Message-----
From: Mark Wilcox 
[mailto:]
 
Sent: Wednesday, October 09, 2002 3:34 PM
To: Scott Cantor
Subject: RE: WebCT/Shib Interop


Not sure if I can squeeze it into 1 sentence, but here's how it works :

1. CGI script is protected by mod_shib
2. Get WebCT Userid from REMOTE_USER variable that mod_shib passes
3. CGI script invokes our Auto sign-on protocol. This protocol consists
of passing along the WebCT Unique UserId (WUUI) plus a timestamp (to
prevent replay attacks), plus an URL (to a specific course or MyWebCT)
and an MD5 hash. The Hash is constructed by taking the sum of the ascii
values of the passed data (WUUI, timestamp, URL) and appending a shared
secret. This protocol is defined in our CE Tech Ref manual. And it's the
same protocol we use to integrate with Campus Pipeline, UPortal as well
as our integration with PubCookie or any other similar WebISO system.

I already have the script that does step 3.

Mark

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--