NAME
Jifty::Plugin::Authentication::ModShibb - Shibboleth auth. plugin for
Jifty
DESCRIPTION
This may be combined with the Jifty::Plugin::User plugin to provide user
authentication using Shibboleth web single sign-on. The Shibboleth
System is a standards based software package for web single sign-on
across or within organizational boundaries. It supports authorization
and attribute exchange using the OASIS SAML protocol.
Jifty::Plugin::Authentication::ModShibb requires a "shibd" service
provider which will set required attributes in environment variables.
CONFIG
in etc/config.yml
Plugins:
- Authentication::ModShibb:
mapping: # jifty column : shibboleth attribute
shibb_id: eppn
email: email
name: displayName
authz: $ENV{'primary_affiliation'} eq 'employee' # shibboleth attribute : value
"shibb_id" is mandatory and must provide a distinct id for each user
"name" is highly recommended to display feedback for users
"email" is highly recommended if you mix shibboleth authentication and
other jifty authentication plugins
add in your User Model
use Jifty::Plugin::Authentication::ModShibb::Mixin::Model::User;
apache
AuthType shibboleth
Require shibboleth
ShibRequestSetting applicationId uads
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
For debugging idp and sp config you can add an apache authentication on
"/shibb_test" location.
METHODS
prereq_plugins
This plugin depends on the User plugin.
init
load config
SEE ALSO
Jifty::Manual::AccessControl, Jifty::Plugin::User, Shibboleth::SP
AUTHOR
Yves Agostini,
LICENSE
Copyright 2010, Yves Agostini .
This program is free software and may be modified and distributed under
the same terms as Perl itself.