Subject: Shibboleth Developers
- From: Peter Murray
- Subject: [Fwd: RE: JAAS Module]
- Date: Mon, 25 Jul 2005 20:04:26 -0400
For what it's worth, Josh is working under my mentorship as a Google
Summer of Code recipient. His project is to tie a Shibboleth SP deep
into the Fedora (Cornell/UVa) digital object repository's new
XACML-based access control mechanism. The Fedora folks know what is
going on -- thought you might want to as well.
-------- Original Message --------
Subject: RE: JAAS Module
Date: Sat, 23 Jul 2005 02:17:40 -0400
From: Wilcox, Mark
Unless you modify Tomcat's JAAS handler - JAAS and Shib is most likely
not going to work.
Here is why:
JAAS is a nice abstraction for authentication and authorization.
On the implementation side - a JAAS provider essentially implements 3
Callback handlers (normally username and password, but could be anything
- assuming the caller application (in this case Tomcat) provides a
callback handler that gives the data required - i.e. the SAML blob)
Then you implement two methods:
login and commit. These latter are boolean (true on success) that
essentially take the data from the Data Handlers.
The crux of the problem is that Tomcat currently only
implements Callback Handlers that provide Username and Password - which
won't map to Shib. So you would have to hack Tomcat to get the HTTP
Request object. I'm sure lots of people would like this since it would
make generalized SSO possible via JAAS in Tomcat.
Another option is to write a Tomcat interceptor (this is how JOSSO and
But as you may know the current Shib plan is to provide a Servlet filter
(ala CAS model) which could in theory be modified to fit other
*From:* Joshua C Kent
*Sent:* Thu 7/21/2005 3:58 PM
*Subject:* JAAS Module
Does anyone know of, or has anyone written, any code to implement a Shibboleth JAAS
Module for Tomcat?
Peter Murray http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
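
The callback mismatch described in the forwarded reply, as an added example that is not part of the original thread and is not Shibboleth or Tomcat code: a JAAS `LoginModule` that asks for a SAML assertion fails at `login()` when the caller's `CallbackHandler` only answers username and password callbacks. `SamlAssertionCallback`, `SamlLoginModule` and `PASSWORD_ONLY` are hypothetical names; the handler is a stand-in for the container behaviour the reply describes.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class ShibJaasSketch {
    // Hypothetical callback: the container would fill it from the HTTP request.
    static class SamlAssertionCallback implements Callback { String assertion; }

    // Hypothetical module: requests the assertion instead of a name and password.
    static class SamlLoginModule implements LoginModule {
        private CallbackHandler handler;
        private String assertion;
        public void initialize(Subject s, CallbackHandler h,
                Map<String, ?> shared, Map<String, ?> options) { handler = h; }
        public boolean login() throws LoginException {
            SamlAssertionCallback cb = new SamlAssertionCallback();
            try {
                handler.handle(new Callback[] { cb });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("caller cannot supply a SAML assertion: " + e);
            }
            // A real module must verify signature, issuer, audience and validity
            // window here before trusting anything in the assertion.
            assertion = cb.assertion;
            return assertion != null;
        }
        // A real commit() would add principals derived from the assertion to the Subject.
        public boolean commit() { return assertion != null; }
        public boolean abort() { assertion = null; return true; }
        public boolean logout() { assertion = null; return true; }
    }

    // Stand-in for a handler that only understands username and password.
    static final CallbackHandler PASSWORD_ONLY = callbacks -> {
        for (Callback c : callbacks) {
            if (c instanceof NameCallback) ((NameCallback) c).setName("user");
            else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(new char[0]);
            else throw new UnsupportedCallbackException(c, "only name/password supported");
        }
    };

    public static void main(String[] args) {
        SamlLoginModule module = new SamlLoginModule();
        module.initialize(new Subject(), PASSWORD_ONLY, Collections.emptyMap(), Collections.emptyMap());
        try { module.login(); System.out.println("login succeeded"); }
        catch (LoginException e) { System.out.println("login failed: " + e.getMessage()); }
    }
}
```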