Skip to Content.
Sympa Menu

shibboleth-dev - [Fwd: RE: JAAS Module]

Subject: Shibboleth Developers

List archive

[Fwd: RE: JAAS Module]

Chronological Thread 
  • From: Peter Murray <>
  • To:
  • Subject: [Fwd: RE: JAAS Module]
  • Date: Mon, 25 Jul 2005 20:04:26 -0400
  • Openpgp: id=27CF2072

Hash: SHA1

For what it's worth, Josh is working under my mentorship as a Google
Summer of Code recipient. His project is to tie a Shibboleth SP deep
into the Fedora (Cornell/UVa) digital object repository's new
XACML-based access control mechanism. The Fedora folks know what is
going on -- thought you might want to as well.


- -------- Original Message --------
Subject: RE: JAAS Module
Date: Sat, 23 Jul 2005 02:17:40 -0400
From: Wilcox, Mark


Unless you modify Tomcat's JAAS handler - JAAS and Shib is most likely
not going to work.

Here is why:
JAAS is a nice abstraction for authentication and authorization.

On the implementation side - a JAAS provider essentially implements 3
Callback handlers (normally username and password, but could be anything
- - assuming the caller application (in this case Tomcat) provides a
callback handler that gives the data required - ie the SAML blob)

Then you implement two methods:
login and commit. These latter are boolean (true on success) that
essentially take the data from the Data Handlers.

The crux of the problem is that Tomcat currently only
implements Callback Handlers that provide Username and Password - which
won't map to Shib. So you would have to hack Tomcat to get the HTTP
Request object. I'm sure lots of people would like this since it would
make generalized SSO possible via JAAS in Tomcat.

Another option is to write a Tomcat interceptor (this is how JOSSO and
JBOSS work).

But as you may know the current Shib plan is to provide a Servlet filter
(ala CAS model) which could in theory be modified to fit other
authentication strategies.


- ------------------------------------------------------------------------
*From:* Joshua C Kent

*Sent:* Thu 7/21/2005 3:58 PM

*Subject:* JAAS Module

Does anyone know of or written any code to implement a Shibboleth JAAS
Module for tomcat?


- --
Peter Murray
Assistant Director, Multimedia Systems tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network Columbus, Ohio
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird -


Archive powered by MHonArc 2.6.16.

Top of Page