Shibboleth Developers

["Tom Scavo" <>]

[redirecting this thread to shibboleth-user]

On Thu, Mar 27, 2008 at 3:27 PM,  
<>
 wrote:
> Hello!
>
>  My name's Wes Plybon and I work for Whipplehill Communications.  
> Currently, I'm working on an integration project involving creating a SSO 
> solution for Moodle as well as some other educational resources.  Our 
> desire is to use the Shibboleth service providers implemented by those 
> services, however, we're a .NET shop and the powers that be aren't thrilled 
> to have to run an apache/tomcat server for this.
>
>  Thusly, it has been left up to me to provide a .NET solution for our 
> Shibboleth SSO.  I've downloaded a SAML 1.1 component from 
> componentspace.com and read over the draft for shib 1.3 at 
> http://shibboleth.internet2.edu/docs/draft-mace-shibboleth-tech-overview-latest.pdf
>  and after playing around with my code, am confident there's something I'm 
> not getting :)  After reviewing the draft, it would appear that Shibboleth 
> 1.3 is pretty much "out-of-the-box" SAML 1.1 with some extra information 
> exchange services.
>
>  I've created an IdP at http://beta.whipplehill.com/sso/saml1.1/idp and 
> have moodle installed at http://wesp.mhtcoc.org/moodle/.  I'm using a 
> Browser/POST to submit the response. Additionally, the idp is currently 
> hard coded to only direct back to the moodle site and authorize the 
> username "idp-user" with password "password."  The IdP code is mostly the 
> example code that was given with the SAML 1.1 component I downloaded.
>
>  Appended is a sample saml response generated from the IdP.  I can provide 
> more information if neccessary.  Admittedly, I'm new to the whole SSO deal 
> and am not quite sure, exactly, what needs to happen in the Shibboleth 
> authentication process.
>
>  Thanks for you help!
>
>  --Wes
>
>  --------------------------------------------
>
>  <samlp:Response
>                 ResponseID="_1d1cd561-265a-4912-a012-901f9bf0cf0e"
>                 MajorVersion="1"
>                 MinorVersion="1"
>                 IssueInstant="2008-03-27T15:02:06Z"
>                         xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
>         <samlp:Status>
>                 <samlp:StatusCode Value="samlp:Success" />
>         </samlp:Status>
>         <saml:Assertion
>                         MajorVersion="1"
>                         MinorVersion="1"
>                         AssertionID="_d00d8acd-dd92-4c64-b47a-06781ad90457"
>                         Issuer="urn:source-site"
>                         IssueInstant="2008-03-27T15:02:06Z"
>                                 
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
>                 <saml:Conditions NotBefore="2008-03-27T14:02:06Z" 
> NotOnOrAfter="2008-03-27T16:02:06Z" />
>                 <saml:AuthenticationStatement 
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" 
> AuthenticationInstant="2008-03-27T15:02:06Z">
>                         <saml:Subject>
>                                 <saml:NameIdentifier 
> NameQualifier="urn:source-site" 
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
>                                         idp-user
>                                 </saml:NameIdentifier>
>                                 <saml:SubjectConfirmation>
>                                         <saml:ConfirmationMethod>
>                                                 
> urn:oasis:names:tc:SAML:1.0:cm:bearer
>                                         </saml:ConfirmationMethod>
>                                 </saml:SubjectConfirmation>
>                         </saml:Subject>
>                 </saml:AuthenticationStatement>
>                 <saml:AttributeStatement>
>                         <saml:Subject>
>                                 <saml:NameIdentifier 
> NameQualifier="http://beta.whipplehill.com/sso/saml1.1/idp"; 
> Format="urn:mace:shibboleth:1.0:nameIdentifier">
>                                         11252496478962
>                                 </saml:NameIdentifier>
>                                 <saml:SubjectConfirmation />
>                         </saml:Subject>
>                         <saml:Attribute AttributeName="shib_username" 
> AttributeNamespace="urn:test">
>                                 
> <saml:AttributeValue>idp-user</saml:AttributeValue>
>                         </saml:Attribute>
>                         <saml:Attribute AttributeName="shib_email" 
> AttributeNamespace="urn:test">
>                                 
> <saml:AttributeValue></saml:AttributeValue>
>                         </saml:Attribute>
>                         <saml:Attribute AttributeName="shib_firstname" 
> AttributeNamespace="urn:test">
>                                 
> <saml:AttributeValue>Shib</saml:AttributeValue>
>                         </saml:Attribute>
>                         <saml:Attribute AttributeName="shib_lastname" 
> AttributeNamespace="urn:test">
>                                 
> <saml:AttributeValue>User</saml:AttributeValue>
>                         </saml:Attribute>
>                 </saml:AttributeStatement>
>         </saml:Assertion>
>  </samlp:Response>
>