www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Shibboleth Authentication and autodiscovery

 
enrico



Joined: 14 Oct 2011
Posts: 3

Posted: Fri Oct 14, 2011 11:36 am    Post subject: Shibboleth Authentication and autodiscovery

Hello, I'm trying to understand how auto discovery works with Shibboleth as the authentication method for the captive portal.
It seems that Zeroshell tries to perform a man in the middle, intercepting SSL requests. Is this correct? Is there source code available to study this method?

Best regards,
Enrico.
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1048

Posted: Sun Oct 16, 2011 9:35 am

Hi,
do not worry, Zeroshell couldn't act as man in the middle in the communication between the client and the IdP if the user correctly verifies that the certificate of the IdP is trusted. The authentication is end-to-end tunneled on TLS so Zeroshell is not able to decrypt it. Instead it just calls a script before redirecting to the IdP/WAYF. Here is the patch for shibboleth-sp:

http://www.zeroshell.net/listing/shibboleth-2.4.3-zeroshell-IdP-autoDiscovery.patch

Regards
Fulvio
enrico



Joined: 14 Oct 2011
Posts: 3

Posted: Thu Oct 20, 2011 12:50 pm    Post subject: don't understand

I think I understand your patch, but then why, when using the WAYF of the GARR IDEM federation (maybe the Italian forum is more appropriate), do I get redirected to my IdP https://idp2.cilea.it/idp/profile/.... but the certificate presented is that of Zeroshell?
enrico



Joined: 14 Oct 2011
Posts: 3

Posted: Thu Oct 20, 2011 1:34 pm    Post subject: sorry

Sorry, GARR WAYF service configured as SAMLDS in session initiator works.
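
The check fulvio describes (the user verifying that the certificate presented for the IdP is trusted) and the symptom in enrico's second post (the portal's certificate showing up at the IdP URL), as an added example that is not part of the original thread or of Zeroshell's code. It builds a throwaway CA and certificates locally with openssl; the host names idp.example.test and portal.example.test and all file names are placeholders.

```shell
#!/usr/bin/env bash
# Constructed lab: the CA, both certificates and both host names are placeholders.
set -eu
LAB=$(mktemp -d)

# Build a throwaway CA, an IdP certificate signed by it, and a self-signed
# certificate standing in for the one a captive portal presents before login.
make_lab() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Federation CA" \
    -keyout "$LAB/ca.key" -out "$LAB/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=idp.example.test" \
    -keyout "$LAB/idp.key" -out "$LAB/idp.csr" 2>/dev/null
  printf 'subjectAltName=DNS:idp.example.test\n' > "$LAB/idp.ext"
  openssl x509 -req -in "$LAB/idp.csr" -CA "$LAB/ca.pem" -CAkey "$LAB/ca.key" \
    -CAcreateserial -days 1 -extfile "$LAB/idp.ext" -out "$LAB/idp.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=portal.example.test" \
    -keyout "$LAB/portal.key" -out "$LAB/portal.pem" 2>/dev/null
}

# Succeeds only if the certificate chains to the trusted CA AND names the host
# the user meant to reach. Either failure means the TLS peer is not the IdP.
# usage: check_presented_cert <cert.pem> <expected-host> <trusted-ca.pem>
check_presented_cert() {
  openssl verify -CAfile "$3" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

make_lab
check_presented_cert "$LAB/idp.pem" idp.example.test "$LAB/ca.pem" \
  && echo "IdP certificate: trusted chain and matching name, safe to log in"
check_presented_cert "$LAB/portal.pem" idp.example.test "$LAB/ca.pem" \
  || echo "portal certificate at IdP URL: rejected, do not enter credentials"
check_presented_cert "$LAB/idp.pem" other.example.test "$LAB/ca.pem" \
  || echo "valid certificate, wrong host name: rejected"
```

Against a live host, `openssl s_client -connect HOST:443 -servername HOST -verify_hostname HOST -verify_return_error` applies the same two checks to the certificate actually presented on the wire.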
All times are GMT