On November 3, 2011 10:41 , Liam Hoekenga <li...@umich.edu> wrote: > I would like access COSIGN_FACTOR from shibboleth, but the only part of > the IdP that is cosign protected is the login handler, and that's not > where attributes are defined / populated, so I don't have access to the > COSIGN_FACTOR environment variable by the time I need it.
Yes, assuming that both the Shibboleth login handler and the place you need COSIGN_FACTOR are on the same web virtual host. Get the value of the cosign session cookie from the HTTP request header. Use the value of the cosign session cookie to read the cosign filter session file (you'll also need the value of the cosign service name in order to construct the name of the filter session file, but presumably that would not be a problem). The value for COSIGN_FACTOR will be on the line in that file that starts with a lowercase 'f'. For example, single factor: [root@aeacus ~]# cat "/var/cosign/filter/cosign-aeacus.lsa.umich.edu=jqG7U+hm+inyNYrmK7r-8LqgZmiAsT752nKbupPZIiZA-0UBoi0LKN2ECHTuisdNMJ510PAu8fw-mp1OPHcNYyiUyIJD+VNgwO-Gzos03ViEQZl-m6U0uIG+TUoF" v3 i141.213.169.109 pmarkmont rUMICH.EDU fUMICH.EDU [root@aeacus ~]# versus two-factor: [root@aeacus ~]# cat "/var/cosign/filter/cosign-aeacus.lsa.umich.edu=47GljWdqqR4TIFV7iRUB5v4wx9pzUprTzwBYwH-DHc71OKN2LLQRgEw7tSlwaCNtdFp0nFB3qcnDdDPAZxoJEHDWUk8PRfrPjufJ7BbbaIRD3z5FzsnxI4bOeZ3S" v3 i141.213.169.109 pmarkmont rUMICH.EDU fUMICH.EDU mtoken [root@aeacus ~]# -- Mark Montague LSA Research Systems Group University of Michigan markm...@umich.edu ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
