Hello, I’m trying to understand how auto-discovery works with Shibboleth as the authentication method for the captive portal.
It seems that Zeroshell tries to perform a man-in-the-middle, intercepting SSL requests. Is this correct? Is there source code available to study this method?
Hi,
do not worry, Zeroshell cannot act as a man in the middle in the communication between the client and the IdP if the user correctly verifies that the IdP’s certificate is trusted. The authentication is tunneled end-to-end over TLS, so Zeroshell is not able to decrypt it. Instead, it just calls a script before redirecting to the IdP/WAYF. Here is the patch for shibboleth-sp:
I think I understand your patch, but then why, when using the WAYF of the GARR IDEM federation (maybe the Italian forum is more appropriate), do I get redirected to my IdP https://idp2.cilea.it/idp/profile/…. but the certificate presented is that of Zeroshell?
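The check the two posts above turn on is whether the TLS endpoint you reach under the IdP's hostname really presents the IdP's certificate, or a certificate belonging to the captive portal that answered in its place. The script below is an added example written for this thread; it is not code from Zeroshell or from the shibboleth-sp patch. It assumes the IdP listens on port 443, uses the hostname idp2.cilea.it mentioned in the thread, and embeds two constructed certificate dicts (in the shape `ssl.SSLSocket.getpeercert()` returns) so the name-matching logic can be exercised offline; `probe_idp()` does the live connection when run from a client behind the portal.

```python
"""Decide whether the certificate presented under the IdP's hostname
belongs to the IdP or to an intercepting captive portal."""
import socket
import ssl

IDP_HOST = "idp2.cilea.it"  # hostname from the thread; port 443 is assumed


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name match: exact match, or a single '*' that stands for
    exactly the leftmost label (so '*.cilea.it' covers 'idp2.cilea.it' but
    not 'a.b.cilea.it', and '*.it' never covers 'cilea.it')."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    host_labels = hostname.split(".")
    return len(host_labels) >= 3 and ".".join(host_labels[1:]) == pattern[2:]


def cert_covers_hostname(cert: dict, hostname: str) -> bool:
    """cert is in the dict form returned by ssl.SSLSocket.getpeercert().
    DNS subjectAltName entries are authoritative; the CN is consulted only
    when the certificate carries no SAN at all (legacy behaviour)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_label_matches(p, hostname) for p in names)


# Constructed sample: what a genuine IdP leaf certificate looks like to getpeercert().
IDP_CERT = {
    "subject": ((("commonName", "idp2.cilea.it"),),),
    "subjectAltName": (("DNS", "idp2.cilea.it"),),
}

# Constructed sample: a self-signed captive-portal certificate served instead of the IdP's.
PORTAL_CERT = {
    "subject": ((("commonName", "zeroshell.example"),),),  # hostname is an assumption
    "subjectAltName": (("DNS", "zeroshell.example"),),
}


def probe_idp(hostname: str = IDP_HOST, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to hostname:port, let OpenSSL verify the chain against the
    system trust store, then check the name ourselves so the two failure
    modes stay distinguishable. A captive portal answering in place of the
    IdP normally trips the first check: its certificate is not signed by a
    CA the client trusts, which is the browser warning described above."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # name check done by cert_covers_hostname()
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain check stays with OpenSSL
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return f"intercepted?: untrusted certificate for {hostname}: {exc.verify_message}"
    if cert_covers_hostname(cert, hostname):
        return f"ok: trusted certificate covering {hostname}"
    return f"intercepted?: trusted chain but certificate does not name {hostname}"


if __name__ == "__main__":
    print(probe_idp())
```

Run it from a client on the captive-portal network before authenticating and again after: only the second run should report "ok". Seeing the portal's certificate before authentication is expected captive-portal behaviour (the portal intercepts the first HTTPS request to show its login page); the IdP exchange that follows the redirect must not go through that interception, and the "untrusted certificate" branch is how you notice if it does.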