enrico
Joined: 14 Oct 2011 Posts: 3
Posted: Fri Oct 14, 2011 11:36 am Post subject: Shibboleth Authentication and autodiscovery
Hello, I'm trying to understand how auto discovery works with Shibboleth as the authentication method for the captive portal.
It seems that Zeroshell tries to perform a man in the middle, intercepting SSL requests. Is this correct? Is there source code available to study this method?
Best regards,
Enrico.
fulvio Site Admin
Joined: 01 Nov 2006 Posts: 997
Posted: Sun Oct 16, 2011 9:35 am Post subject:
Hi,
Do not worry, Zeroshell couldn't act as a man in the middle in the communication between the client and the IdP if the user correctly verifies that the certificate of the IdP is trusted. The authentication is tunneled end-to-end over TLS, so Zeroshell is not able to decrypt it. Instead it just calls a script before redirecting to the IdP/WAYF. Here is the patch for shibboleth-sp:
http://www.zeroshell.net/listing/shibboleth-2.4.3-zeroshell-IdP-autoDiscovery.patch
Regards
Fulvio
enrico
Joined: 14 Oct 2011 Posts: 3
Posted: Thu Oct 20, 2011 12:50 pm Post subject: don't understand
I think I understand your patch, but then why, using the WAYF of the GARR IDEM federation (maybe the Italian forum is more appropriate), do I get redirected to my IdP https://idp2.cilea.it/idp/profile/.... but the certificate presented is that of Zeroshell?
enrico
Joined: 14 Oct 2011 Posts: 3
Posted: Thu Oct 20, 2011 1:34 pm Post subject: sorry
Sorry, the GARR WAYF service configured as SAMLDS in the session initiator works.