Hi experts.
In our Apache 2.4(+mod_perl) setups, we use the following kind of thing :
...
PerlAddAuthzProvider UMA-user AUTH::UMA2->authz_user
...
AuthName ALUtop
AuthType shibboleth
PerlSetVar UMA_AuthType "SAML2"
ShibRequestSetting requireSession 1
ShibRe
Andy, could your custom auth handler run before Shiboleth, test for a Shiboleth
token? If not present, use push_handler to run Shiboleth? If the Shiboleth
token or cookie is present, don’t run Shiboleth?
Russell
Sent from my iPhone
> On Mar 6, 2020, at 08:26, André Warnier (tomcat/perl) wrote
On 06.03.2020 17:18, Russell Lundberg wrote:
Andy, could your custom auth handler run before Shiboleth, test for a Shiboleth
token? If not present, use push_handler to run Shiboleth? If the Shiboleth
token or cookie is present, don’t run Shiboleth?
Well, the problem is that Shibboleth is quit
Genius !
Yes, I'll try that.
Why did I not think of that myself ?
If anything, it'll be fun to watch the log lines of authz_core and try to make
sense of them.
I don't even think that I have to extend our module, it should work just as well with
"require UMA-user valid-user" in both cases.
One
Thanks.
That's an interesting idea, and I'm quite sure that we could make that work, if only as a
proof of concept.
The main issue I see with it, is that it would basically double a lot of our configuration
sections - of which we have many - and make our configuration even more obscure than what
