shibboleth-dev - Integrating IdP with GridSite and VOMS
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: Integrating IdP with GridSite and VOMS
- Date: Mon, 12 Apr 2010 10:35:03 -0400 (EDT)
Hi all,
in the aim of the project I'm participating to, I am planning to take
advantage from the work you did with Shibboleth in order to implement the SSO
support for the project infrastructure, and trying to integrate SSO with
GridSite and VOMS authentication as well.
In particular, my company developed a special component called Central
Security Service which exposes various operations allowing the retrieval of
user X.509 proxy certificates and eventually their VOMS or Shibboleth
attributes extensions.
Now we want to integrate the CSS and a Shibboleth IdP installation within
something which is similar to a ShibVomGSite architecture. The CSS behaves
like the MyIdentityDB+VASH components do in the ShibVomGSite.
I am planning to apply some changes to the standard IdP code, in order to
obtain a "modified"-IdP and enable the information echange process with the
CSS.
In the past days, I studied the source code of the IdP trying to identify
members and classes to patch. I'm unfortunately living some troubles in doing
that, and would you to confirm some ideas and provide answers to some
questions.
Here follows the list of my initial questions:
- What are the packages and the classes which perform the three communication
steps*? I found
"edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.java", in
which I found startUserAuthentication and completeAuthentication methods. Are
they performing the right/full communication steps?
- If not, where in the code the remaining steps are perfomed?
- How the CSS should provide info in the reply to IdP? I mean, what is the
expected format of the provided info?
Thank you
Marco
* The three steps, as defined by ShibVomGSite architecture, are:
1. User Authentication through Shibboleth credentials (via MyIdentityDB)
2. Retrieval of user's and issuer's DN (via MyIdentityDB)
3. Retrieval of VOMS extensions mapped on user's attributes (via VASH)
- Integrating IdP with GridSite and VOMS, marco . pappalardo, 04/12/2010
- Re: [Shib-Dev] Integrating IdP with GridSite and VOMS, Chad La Joie, 04/12/2010
Archive powered by MHonArc 2.6.16.