shibboleth | Adds Shibboleth authentication to MODX Revolution | Authentication library
kandi X-RAY | shibboleth Summary
kandi X-RAY | shibboleth Summary
This extra assumes that Shibboleth has been enabled in [passive or "lazy session" mode][2] for the root directory (containing index.php) of the MODX site. In a typical setup, the following directives should be added to the .htaccess file in the MODX root folder, after the RewriteBase directive. Note that these settings will not protect any files or resources present in the file system. For access controlled downloads, appropriate Shibboleth directives will need to be placed in the .htaccess file for the directory that contains the files to be protected.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Do the login .
- Finds the rules in the cache
- Alters a URL parameter
- Returns URL of the script handler .
- Set the Shibboleth user
- Check user s authorization rules
- Sets the rules
- Set the event output
- Fix the working environment
- Determine if the user is authenticated .
shibboleth Key Features
shibboleth Examples and Code Snippets
Community Discussions
Trending Discussions on shibboleth
QUESTION
I am getting the error "400 Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please."
What I am trying to achieve is :
1.Docker Run Docker Image which is using apache2 and Shibboleth both are running on port http(8090) & https(8443) respectively with self signed certificate. Running the image locally using the docker run it is working fine. http://localhost:8090/ ----> working fine https://localhost:8443/Shibboleth.sso/Status ----> giving cert error but after accept and ignore working fine. (Shibboleth service which is being accessed via apache2 000-default.conf ProxyPass /Shibboleth.sso/ https://localhost:8443/Shibboleth.sso/Status)
- Kubernetes Platform Below are the deployment,Service and Ingress created to access the same image.
ANSWER
Answered 2021-Apr-18 at 18:31Can you please try adding this annotation to your ingress file?
QUESTION
I have different SPs that use my IDP Shibboleth, but for each of them I want to send different attributes in the SAML response.
Is there a way to achieve this?
Maybe use different attribute-resolver files, or maybe the same one but with some configuration on the AttributeDefinition that I can set so that shibboleth knows what values to resolve?
I haven't found anything regarding this on their wiki.
...ANSWER
Answered 2021-Apr-09 at 06:21I would suggest you look into the topic of attribute mapping. With this, you can define filters on your Service Providers. Collect all attributes you need for all SPs on your IDP and then filter the ones you need on your Service Provider.
Example: SP 1 needs an attribute called email_1 and SP 2 needs email_2.
Then your attribute-resolver.xml might look something like this:
QUESTION
I am installing Shibboleth IDP on a CentOS 7 server. I installed JDK 15.0.2 and Tomcat 9.0.44
Java version is:
...ANSWER
Answered 2021-Mar-16 at 13:39Java 15 and later no longer includes a bundled JavaScript engine.
The simplest way to deal with this is to use an earlier version of Java. Note that the Shibboleth project only formally supports Long Term Support releases of Java, which for IdP V4.0.1 means Java 11.
Another commenter notes that you can add a separate JavaScript engine to your classpath if you really need to use the latest Java and the current IdP version, but it's not a supported configuration.
Going forward, the Shibbleth IdP 4.1 release (which is coming out very soon now) has a plug-in mechanism to help support this use case, but using Java 11 will still be the simplest approach.
The complete System Requirements documentation for the current version of the Shibboleth IdP is here: https://wiki.shibboleth.net/confluence/display/IDP4/SystemRequirements
QUESTION
I have an app running behind a reverse proxy on Apache 2.4.6 on CentOS 7. I am doing authentication using Shibboleth and am currently doing authorization via a whitelist using AuthGroupFile /path/to/authfile and Require group authGroup. This currently works with my setup. I'm trying to change this process to do authorization against a whitelist stored in a SQL Server database, and this is proving to be difficult.
Currently in conf.d/shib.conf I have the following:
ANSWER
Answered 2021-Feb-05 at 23:13For anyone that has a similar issue, I was finally able to solve the problem myself.
My Apache Version was 2.4.6 but the most recent RHEL Version, httpd-2.4.6-97.el7.centos I believe. Looking at the Change Log for apache 2.4 (https://www.apachelounge.com/Changelog-2.4.html) most of the mod_authz_dbd changes were included in the CentOS version except for the one integrated in Apache 2.4.17 entitled
QUESTION
I'm baffled with this error. I've looked everywhere and googled everything I know.
I'm updating an application from dotnet 4.5.3 to dotnet 4.8. The setup hasn't changed dramatically, this identity config has not changed in a long time. The updated code runs good in the development and test environments. Now it's time to update the qa environment. There are new servers for this upgrade. All run the same version of Windows 10 (just the latest). I have installed dotnet 4.8 on all of them. I have verified that the System.IdentityModel.dll is present in the GAC. (I even decompiled the assembly and verified that this class is present in it.) I have verified that the dll is referenced in my .csproj file.
Yet, when I start the website, this is the error that greets me.
Let me repeat that this same code works fine in development and test environments, yet the same build fails in the qa environment. This is the configuration causing the problem.
...ANSWER
Answered 2020-Nov-17 at 11:10The answer to the problem is to set Copy Local in the assembly dependencies to true.
Not sure why this assembly can't be found. It's blowing my mind. After spending +3 days looking for it, I'm calling it quits as this solution works.
QUESTION
I looked at the User_ table in liferay and every new password has a prefix of:
{SHA-256}
I am trying to set up a Shibboleth IDP to use the User_ table to authenticate like this:
ShibUserPassAuth { relationalLogin.DBLogin required debug=true dbDriver="com.mysql.jdbc.Driver" userTable="User_" userColumn="emailAddress" passColumn="password_" dbURL="jdbc:mysql://mysql:3306/lportal" dbUser="root" dbPassword="password" hashAlgorithm="SHA-256"; };
However my authentication fails because the password does not match. If I go into the database an manually update the password, then it works.
Any ideas how I can work around this by getting Liferay to not set this prefix or getting Shibboleth to look for this prefix?
...ANSWER
Answered 2020-Nov-12 at 11:07The answer to your question in the title probably is "because Liferay's history and upgrade compatibility". I guess they didn't want to alter the User_ table's schema, but needed a way to mark the hashing algorithm.
I don't have the answer to your actual question, but two ideas:
I found an old discussion that leads me to believe that you could write a query template for the Shibboleth DB connection (example copied from the linked discussion for longievity):
QUESTION
When users click logout, I'm redirecting them to "/Shibboleth.sso/Logout"
This successfully brings them to the Microsoft logout page, then they get redirected back to the SP.
However, as they return to the SP they get a SOAP error message.
ANSWER
Answered 2020-Sep-30 at 19:33When configuring the SP on Azure, I uploaded the metadata as-is.
This populated the fields on Azure, and things mostly worked.
However, it pulled the logout url as the first entry from the metadata:
QUESTION
I have added Spring Security to an existing JEE application to add OAuth to the application. The security configuration is set to protect the REST API, and that part seems to work fine. When the UI requests a protected URL, the response contains a redirect to 'oauth2/authorize/keycloak'.
But that's where the story ends, since the request to 'oauth2/authorize/keycloak' itself returns a 404.
I am pretty out of date with spring security (have used it the last time with Spring applications about 8 years ago) and I have no idea where I am supposed to find the implementation of the endpoint 'oauth2/authorize/keycloak' in order to figure out what is missing or wrong in my setup.
The relevant part of my dependency tree looks as follows:
...ANSWER
Answered 2020-Sep-26 at 07:31By default, the OAuth 2.0 Login Page is auto-generated by the DefaultLoginPageGeneratingFilter.
The login page for a client defaults to this: OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/{registrationId}". As per your configuration, registrationId: "keycloak", this means (/oauth2/authorization/keycloak).
Please check your WebSecurityConfigurerAdapter configuration. Try to override the default login page by configuring oauth2Login().loginPage() and (optionally) oauth2Login().authorizationEndpoint().baseUri().
The following listing shows an example:
QUESTION
I have recently configured Shibboleth Service Provider for my IIS web server and Microsoft Azure. The authentication works like a charm but I do have some problems getting Azure or Shibboleth to redirect to my correct local logout page.
To be honest then I am not 100% sure how the logout mechanism works but from my web page I am calling this logout:
https://my.webserver.xyz/Shibboleth.sso/Logout
This will in fact log me off from Azure on my application but my problem is that it will show this standard Shibboleth logout page after logoff:
...ANSWER
Answered 2020-Sep-09 at 05:17I will answer the question myself as there have been no other solutions propossed and this seems to work for me.
I have found the problem with this as it seemed to be myself being too impatient ;-) I think I may have tested the logout functionality too soon after the configuration changes in Azure as Azure needs some time before the changes get effectuated.
I have now found out that when I have this Logout URL configured in Azure https://my.webserver.xyz/Shibboleth.sso/Logout then it redirects me back to the above standard Shibboleth /etc/localLogout.html logout page.
When I configure the Azure Logout URL to be https://my.webserver.xyz/Shibboleth.sso/Logout?return=https://my.webserver.xyz/loggedout/ then it actually will redirect directly back to this page from Azure.
It is not required to redirect back to the same URL as the one configured in Azure - you can just have a link on your web page like this https://my.webserver.xyz/Shibboleth.sso/Logout?return=https://my.webserver.xyz/test-123/ and it will redirect back to this after logout.
Morale here - be a little more patient and allow for some Azure synchronization time before rushing out and doing a lot of configuration changes :-)
QUESTION
I have a log file with lines of strings similar to this
...ANSWER
Answered 2020-Sep-09 at 06:40def extract_from_log(log_line, label):
if label[-1] != '=':
label += '='
start = log_line.index(label)
end = log_line.index('#', start + len(label))
return log_line[start + len(label): end]
print(extract_from_log(log_line, 'TS'))
print(extract_from_log(log_line, 'USERID'))
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install shibboleth
PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
