Hi,
I'm trying to set up SAML authentication for my users connecting to sponsor a
guest, and also potentially for my admin users, however I can't seem to get
PacketFence to attempt to authenticate the users with this source. I've even
tried pushing the SAML section right to the top of the authentication.conf file.
The SAML conf is as below:

[Shib_dev]
description=Shib_dev
idp_ca_cert_path=/usr/local/pf/conf/ssl/idp.crt
idp_entity_id=https://idp.dev.cardiffmet.ac.uk/idp/shibboleth
idp_metadata_path=/usr/local/pf/conf/ssl/cardiffmet-dev-metadata.xml
username_attribute=urn:mace:shibboleth:2.0:attribute:encoder
dynamic_routing_module=AuthModule
idp_cert_path=/usr/local/pf/conf/ssl/idp.crt
sp_entity_id=https://pfguestdev.internal.uwic.ac.uk
type=SAML
authorization_source_id=DC1
sp_cert_path=/usr/local/pf/conf/ssl/server.crt
sp_key_path=/usr/local/pf/conf/ssl/server.key

[local]
description=Local Users
dynamic_routing_module=AuthModule
type=SQL

[file1]
description=Legacy Source
stripped_user_name=yes
path=/usr/local/pf/conf/admin.conf
dynamic_routing_module=AuthModule
type=Htpasswd

[file1 rule admins]
description=All admins
class=administration
match=all
action0=set_access_level=ALL

[DC1]
description=dc1
password=password
scope=sub
binddn=CN=ldappacketfence,CN=Users,DC=internal
basedn=OU=User Accounts,DC=internal
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=none
cache_match=1
dynamic_routing_module=AuthModule
port=389
type=AD
host=192.168.1.1

[DCLL01 rule Admin]
description=
class=administration
match=any
action0=set_access_level=ALL
action1=mark_as_sponsor=1
condition0=sAMAccountName,equals,admin

[DCLL01 rule All_staff]
description=
class=administration
match=any
action0=mark_as_sponsor=1
condition0=memberOf,equals,CN=STAFF,OU=User Accounts,DC=internal

I'm not expecting the actual SAML auth to work first time, but it doesn't
appear to be even trying to send the request to my IdP server.
Cheers,
Andi
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users