Shibboleth Authentication and autodiscovery

Forums Network Management RADIUS 802.1x and Captive Portal Shibboleth Authentication and autodiscovery

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • October 14, 2011 at 11:36 am #43156
    enrico
    Member

    Hello, I’m trying to understand how auto discovery works with shibboleth as authentication method for captive portal.
    It seems that zeroshell tries to perform a man in the middle, intercepting ssl requests. Is this correct? Is there source code available to study this method?

    Best regards,
    Enrico.

    October 16, 2011 at 9:35 am #51998
    imported_fulvio
    Participant

    Hi,
    do not worry, Zeroshell couldn’t act as man in the middle in the communication between the client and the IdP if the user correctly verifies that the certificate of the IdP it’s trusted. The authentication is end-to-end tunneled on TLS so Zeroshell is not able to decrypt it. Instead it just calls a script before redirecting to the IdP/WAYF. Here is the patch for shibboleth-sp:

    http://www.zeroshell.net/listing/shibboleth-2.4.3-zeroshell-IdP-autoDiscovery.patch

    Regards
    Fulvio

    October 20, 2011 at 12:50 pm #51999
    enrico
    Member

    I think I understand you patch, but so why using WAYF of GARR IDEM federation (maybe the italian forum is more appropriate), I get redirected to my idp https://idp2.cilea.it/idp/profile/…. but the certificate presented is that of zeroshell?

    October 20, 2011 at 1:34 pm #52000
    enrico
    Member

    Sorry, GARR WAYF service configured as SAMLDS in session initiator works.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.