Hi Ryan,
Thanks for your email and some precisions.
I already have an IdP and SP implemented and talking each other well. My SP is
within IIS7 and my IdP running within a a servlet container (Tomcat 6). Both
are in two different boxes (With Windows 2008 Sever and Windows 7). I also
implemented an LDAP server (OpenDJ 2.7) to authenticate users near the IdP. I
put a simple HTML page in a ../secure directory within IIS and create some
users in the LDAP server to test the authentication, that also work
successfully; after being authenticated, a user access successfully the
protected html page.
So everything is set up and I now need to integrate ('Shibbolize') a real
application (The ASP .NET application) that I should acquire from elseone. I am
not an ASP .NET developer by the way and my programming skills neither good.
Thus I am quite confused by what to ask to the ASP application developer to
modify in regard to Shibboleth, neither I know what files and what xml
elements to configure in Shibboleth side since there is none precision in the
Shibboleth official documentation mostly regarding ASP .NET applications.
Kind regards
Gilles Rubens Badouet
Student ID: 3940347
Faculty of Engineering and Computing
MSc Network Computing Course
Mobile: 07424486426
________________________________
From: Ryan Davis <[email protected]>
Sent: 26 July 2013 15:19
To: Gilles Badouet
Cc: [email protected]
Subject: Re: [Spam] [Mono-aspnet-list] Integrating/Authentication ASP .NET
application(s) to/with Shibboleth
Shibboleth is a complicated system, but you can break it down into a few parts.
Grossly oversimplifying:
* Identity provider (IdP) - this service handles authentication; your users
type in their username and password here.
* Service Provider (SP) - this service runs on the same server as your
ASP.NET application, and talks back and forth with the IdP. You tell the SP
what URLs are protected, and the SP intercepts HTTP traffic, redirecting people
to the IdP for authentication first if someone requests for a protected URL.
When the IdP authenticates the user, it redirects back to your SP with data
about the authenticated user (e.g. username). The SP adds this information as
custom HTTP headers, then finally sends the request to your ASP.NET application
* The ASP.NET application looks in HttpRequest.Headers for information
about the logged in user
What you do with it from there is up to you. If you're using ASP.NET MVC, it's
pretty easy to make an AuthorizeAttribute that looks to the headers; if you're
using ASP.NET webforms maybe you have a Begin_Request() in your global.asax.cs
that reads the headers and sets HttpContext.User.
Most of the work with getting Shibboleth setup is in running the SP daemon and
establishing trusted connections with the IdP - there's some metadata and key
exchanges that you need to work out with the folks running the IdP, and then
they need to explicitly authorize your SP. You should ask on shibboleth mailing
lists<http://shibboleth.net/community/lists.html> for help with that. It's not
that difficult, it's just a lot of nitty-gritty details that all have to match
perfectly.
Good luck,
Ryan Davis
Director of Programming, Acceleration.net
2837 NW 41st Street, Unit 320
Gainesville, FL 32606
352-335-6500 x124
http://www.acceleration.net
On 07/26/2013 08:31 AM, Gilles Badouet wrote:
Hello all,
I am new in this mailing list.
Can anyone here describe me how to integrate an ASP .NET application to
Shibboleth, indeed for the authentication mechanism.
I would like to do so, but don't know how to proceed, the steps to follow ... I
read Shibboleth documentation, but still I cant understand what are the
processes.
I would appreciate if anyone here can help me by providing few steps to follow
and if possible how; or any links providing such implementations examples.
Kind regards
Gilles Rubens Badouet
Student ID: 3940347
Faculty of Engineering and Computing
MSc Network Computing Course
Mobile: 07424486426
_______________________________________________
Mono-aspnet-list mailing list
[email protected]<mailto:[email protected]>
http://lists.ximian.com/mailman/listinfo/mono-aspnet-list
_______________________________________________
Mono-aspnet-list mailing list
[email protected]
http://lists.ximian.com/mailman/listinfo/mono-aspnet-list
