Shibboleth Developers

["Venkata Krishna Ravula" <>]

Dear Tom and Nate,

 

                 Appreciate your response. Just like Nate suggested I am looking into MAMS. Portal talks to Shibboleth and even the API is available. Now I guess the whole question is to make the portal once authenticated with proper credentials to be trusted by the Globus tool kit. This is where the entire scenario revolves. How to make the portal to be trusted by the GTK after authenticated by Shibboleth ? Any suggestions would be greatly appreciated.

 

Thank you

 

Regards

 

Venkat
 

On 11/16/06, Tom Scavo <> wrote:

On 11/16/06, Venkata Krishna Ravula < > wrote:
>
>                         A web portal communicates with the Shibboleth server
> to authenticate a user. Then the Globus tool Kit trusts the portal and then
> any service later requested by the user be provided by the Globus Tool kit
> becauses it now trusts the portal.

Yes, grid communities are doing this today.  OGCE does this, for
example.  What's missing in today's deployments, however, is access
control.

We are currently working on a project that would push attributes to
Globus Toolkit by binding SAML attribute assertions to X.509 proxy
certificates.  This wiki page gives the general idea:

https://authdev.it.ohio-state.edu/twiki/bin/view/GridShib/ScienceGateway

Note that the Portal/Gateway need not be shib-enabled.  If it *is*
shib-enabled (Nate gave a pointer), the authentication context from
the shib-issued SSO assertion may be pushed to Globus Toolkit along
with attributes.  This raises some interesting questions with respect
to attribute aggregation (which Nate can tell you more about :).

Hope this helps,
Tom