Hi Josh, I did some more research and I think that in order to get SSO through ADFS, Shibboleth needs to be set up first since Apache cannot natively authenticate against ADFS. I found a step by step article that seems to be the answer: http://www.jbmurphy.com/2016/08/31/using-adfs-for-authenticating-apache-hosted-sites-2/ Once that is up, I intend to configure as per https://vcl.apache.org/docs/shibauth.html and see what happens.
Thanks, -----Original Message----- From: Josh Thompson <[email protected]> Sent: Tuesday, August 18, 2020 1:12 PM To: [email protected] Subject: Re: [EXTERNAL] Re: ADFS SSO Authentication -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ariel, VCL doesn't really directly interact with Shibboleth. Apache httpd is configured to work with Apache, and VCL looks for certain variables set in PHP by httpd when a user is authenticated with Shibboleth. So, you'll probably need to work with your httpd configuration to have it interact with ADFS correctly. I won't be much help there as other staff members have primarily taken care of that part with our installation. Josh On Monday, August 17, 2020 3:00:37 PM EDT MARTINEZ, ARIEL wrote: > Hi Josh, > > Do you know if the VCL Shibboleth configuration generates a metadata file? I > think that to set up SSO with ADFS, our ADFS will need to send the > attributes to Shibboleth since that is what VCL will be expecting for > authentication. > > Thanks, > > -----Original Message----- > From: Josh Thompson <[email protected]> > Sent: Monday, August 17, 2020 1:22 PM > To: [email protected] > Subject: [EXTERNAL] Re: ADFS SSO Authentication > > WARNING: This email originated outside the Hostos campus. Do not click links > or open attachments unless you recognize the sender and know the content is > safe. Never provide login credentials, financial or sensitive details in > response to an email or by clicking on a link. Report suspicious emails to: > [email protected] - -- - ------------------------------- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found on pool.sks-keyservers.net All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties. -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQRMIdRtWXideTZDK31X8tBw1209AwUCXzwLwwAKCRBX8tBw1209 A3oQAJ98JY8qX90CwaX5ZN5rySw7Nkfe4gCfYrls5PrzltKiomG4xUSQOgEF3KM= =ShAf -----END PGP SIGNATURE-----
