Shibboleth Developers

["Scott Cantor" <>]

> I remember hearing discussion somewhere about Shibbolizing Sakai, but  
> don't remember how that ended.  I know Sakai uses some of the OSIDs,  
> but not sure about AuthN.  I guess it could be that there are enough  
> high(er) profile projects using OSIDs that it would be beneficial to  
> provide an official Shibboleth implementation (although that's not  
> necessarily what I had in mind when I initially asked the question).

My read on the OSID concept of authentication is that the only way you could
do it is by creating what amounts to a generic "REMOTE_USER" OSID whose
function was to enable SSO-based deployments that assert identity to the
application to extract the identity from REMOTE_USER and create the
necessary internals.

To make it work, obviously the web server config has to be laid out such
that the "login" process runs through that filter in some way and feeds the
OSID. This isn't too uncommon with CMS integration, since they usually force
logins through one script and then gateway it into an app session cookie.

-- Scott