Hello,

in line with the LDAP/PKI project of the Rechenzentrum of the
University of Konstanz, we have managed to protect the following OpenCA
web interfaces:

  - "/ra",
  - "/pub",
  - "/node" and
  - "/ldap"

by the use of a Shibboleth Service Provider. The Shibboleth framework
provides a Single-Sign-On service that can be realized with an
X509-based login mode as well as with a common username/password-based
login mode. Therefore the original OpenCA login types have been switched
off and have been substituted by a newly defined login type "shibboleth".

Moreover, the source code of the OpenCA software has been modified to
ensure that the OpenCA software is still able to realize its RBAC
and Access-Control functionality by retrieving the required data (name
and role) of a requesting administrative user from a Service Provider's
web server environment. Even non-administrative users benefit from these
changes to the OpenCA software: after they have been authorized to
visit the protected web interfaces, they will find all provided
forms (e.g. the "Basic Certificate Request" form) already
filled with their personal data.

According to the OpenCA licence terms we will dump our changes to
the OpenCA code 'as is' and without any further claim for support.
Thanks to Michael Belle for supporting our approach to modify the
OpenCA sources. We will briefly present our work at the next ReDi
Shibboleth Workshop on the 23rd of March 2006 in Freiburg.

Best regards from Konstanz,
Giovanna Ratini and Markus Grandpre

---------------------------------------------------------------------
Universität Konstanz, Rechenzentrum, Abt. Kommunikationsinfrastruktur
E-Mail [EMAIL PROTECTED], phone +497531882411, fax +497531883739
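
Added example, not part of the original message and not the modified OpenCA code: one way a Perl CGI can take the name and role for its RBAC decision from the Service Provider's web server environment while failing closed. The variable name SHIB_ROLE, the role names and the sample environments are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumptions, not OpenCA or Shibboleth defaults: the SP is configured to
# export the user name and the role under these two environment variables.
my $NAME_VAR   = 'REMOTE_USER';
my $ROLE_VAR   = 'SHIB_ROLE';                                # hypothetical
my %KNOWN_ROLE = map { $_ => 1 } ('RA Operator', 'User');    # constructed

# Returns (name, role) for a usable identity, or an empty list to deny.
sub identity_from_env {
    my ($env) = @_;
    my ($name, $role) = @{$env}{ $NAME_VAR, $ROLE_VAR };
    # Fail closed: a missing attribute never falls back to a default role.
    return unless defined $name && length $name;
    return unless defined $role && length $role;
    # Control characters have no place in a name that is later put into
    # forms and log lines.
    return if $name =~ /[\x00-\x1f\x7f]/;
    # The SP joins multiple attribute values with ';'. Refuse an ambiguous
    # role instead of silently taking the first value.
    my @roles = split /;/, $role, -1;
    return unless @roles == 1 && $KNOWN_ROLE{ $roles[0] };
    return ($name, $roles[0]);
}

# Constructed sample environments. HTTP_* entries mirror request headers,
# which a client can send itself, so identity_from_env never reads them.
my @cases = (
    [ 'valid operator'    => { REMOTE_USER => 'alice', SHIB_ROLE => 'RA Operator' } ],
    [ 'role missing'      => { REMOTE_USER => 'bob' } ],
    [ 'two role values'   => { REMOTE_USER => 'carol', SHIB_ROLE => 'User;RA Operator' } ],
    [ 'unknown role'      => { REMOTE_USER => 'dave', SHIB_ROLE => 'root' } ],
    [ 'header only'       => { HTTP_SHIB_ROLE => 'RA Operator' } ],
);

for my $case (@cases) {
    my ($label, $env) = @$case;
    my ($name, $role) = identity_from_env($env);
    printf "%-18s %s\n", $label,
        defined $name ? "allow $name as '$role'" : 'deny';
}
```

In a real CGI the function would be called with `\%ENV`; only the first constructed case is allowed, the other four are denied.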

