
shibboleth-dev - .NET Shibboleth IdP

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: .NET Shibboleth IdP
  • Date: Thu, 27 Mar 2008 15:27:58 -0400 (EDT)

Hello!

My name's Wes Plybon and I work for Whipplehill Communications. Currently,
I'm working on an integration project involving creating an SSO solution for
Moodle as well as some other educational resources. Our desire is to use the
Shibboleth service providers implemented by those services, however, we're a
.NET shop and the powers that be aren't thrilled to have to run an
apache/tomcat server for this.

Thusly, it has been left up to me to provide a .NET solution for our
Shibboleth SSO. I've downloaded a SAML 1.1 component from componentspace.com
and read over the draft for shib 1.3 at
http://shibboleth.internet2.edu/docs/draft-mace-shibboleth-tech-overview-latest.pdf
and after playing around with my code, am confident there's something I'm
not getting :) After reviewing the draft, it would appear that Shibboleth
1.3 is pretty much "out-of-the-box" SAML 1.1 with some extra information
exchange services.

I've created an IdP at http://beta.whipplehill.com/sso/saml1.1/idp and have
moodle installed at http://wesp.mhtcoc.org/moodle/. I'm using a Browser/POST
to submit the response. Additionally, the idp is currently hard coded to only
direct back to the moodle site and authorize the username "idp-user" with
password "password." The IdP code is mostly the example code that was given
with the SAML 1.1 component I downloaded.

Appended is a sample saml response generated from the IdP. I can provide
more information if necessary. Admittedly, I'm new to the whole SSO deal
and am not quite sure, exactly, what needs to happen in the Shibboleth
authentication process.

Thanks for your help!

--Wes

--------------------------------------------

<samlp:Response
ResponseID="_1d1cd561-265a-4912-a012-901f9bf0cf0e"
MajorVersion="1"
MinorVersion="1"
IssueInstant="2008-03-27T15:02:06Z"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<samlp:Status>
<samlp:StatusCode Value="samlp:Success" />
</samlp:Status>
<saml:Assertion
MajorVersion="1"
MinorVersion="1"
AssertionID="_d00d8acd-dd92-4c64-b47a-06781ad90457"
Issuer="urn:source-site"
IssueInstant="2008-03-27T15:02:06Z"

xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-03-27T14:02:06Z"
NotOnOrAfter="2008-03-27T16:02:06Z" />
<saml:AuthenticationStatement
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
AuthenticationInstant="2008-03-27T15:02:06Z">
<saml:Subject>
<saml:NameIdentifier
NameQualifier="urn:source-site"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
idp-user
</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>

urn:oasis:names:tc:SAML:1.0:cm:bearer
</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier
NameQualifier="http://beta.whipplehill.com/sso/saml1.1/idp"
Format="urn:mace:shibboleth:1.0:nameIdentifier">
11252496478962
</saml:NameIdentifier>
<saml:SubjectConfirmation />
</saml:Subject>
<saml:Attribute AttributeName="shib_username"
AttributeNamespace="urn:test">

<saml:AttributeValue>idp-user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute AttributeName="shib_email"
AttributeNamespace="urn:test">

<saml:AttributeValue></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute AttributeName="shib_firstname"
AttributeNamespace="urn:test">

<saml:AttributeValue>Shib</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute AttributeName="shib_lastname"
AttributeNamespace="urn:test">

<saml:AttributeValue>User</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
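
A structural check of what a service provider looks for before trusting a SAML 1.1 Browser/POST response, run over a constructed sample shaped like the response above. This is an added example, not part of the original message and not Shibboleth or ComponentSpace code; the function name and finding labels are assumptions, and it inspects structure only (no signature verification).

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer"
# Constructed sample, trimmed to the same shape as the response in the message.
SAMPLE = """<samlp:Response ResponseID="_r1" MajorVersion="1" MinorVersion="1"
    IssueInstant="2008-03-27T15:02:06Z"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a1"
      Issuer="urn:source-site" IssueInstant="2008-03-27T15:02:06Z"
      xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:Conditions NotBefore="2008-03-27T14:02:06Z"
        NotOnOrAfter="2008-03-27T16:02:06Z"/>
    <saml:AuthenticationStatement AuthenticationInstant="2008-03-27T15:02:06Z"
        AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
      <saml:Subject><saml:NameIdentifier>idp-user</saml:NameIdentifier>
        <saml:SubjectConfirmation><saml:ConfirmationMethod>
          urn:oasis:names:tc:SAML:1.0:cm:bearer
        </saml:ConfirmationMethod></saml:SubjectConfirmation>
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now):
    """Return finding labels; an empty list means the structural checks pass."""
    root, out = ET.fromstring(xml_text), []
    if root.find("ds:Signature", NS) is None:   # Browser/POST responses are signed
        out.append("unsigned-response")
    if not root.get("Recipient"):               # binds the response to one consumer URL
        out.append("no-recipient")
    for a in root.findall("saml:Assertion", NS):
        c = a.find("saml:Conditions", NS)
        if c is None or not (c.get("NotBefore") and c.get("NotOnOrAfter")):
            out.append("no-validity-window")
        elif not parse_ts(c.get("NotBefore")) <= now < parse_ts(c.get("NotOnOrAfter")):
            out.append("outside-validity-window")
        if c is None or c.find("saml:AudienceRestrictionCondition", NS) is None:
            out.append("no-audience-restriction")   # assertion not scoped to one SP
        path = "saml:AuthenticationStatement/saml:Subject/saml:SubjectConfirmation/saml:ConfirmationMethod"
        if BEARER not in [m.text.strip() for m in a.iterfind(path, NS) if m.text]:
            out.append("no-bearer-confirmation")
    return out
```
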


