Shibboleth

Authentication and Authorization with Shibboleth and LDAP

Previously, I tried setting up a more efficient Shibboleth Attribute Authority - one where I could query for a specific attribute value for a specific attribute for a specific user (e.g. does jane@itlab.stanford.edu have an experimentId attribute with the value 2?). While you can add attribute values to the attribute elements in a SimpleAggregation AttributeResolver Continue reading Authentication and Authorization with Shibboleth and LDAP

Configuring a Shibboleth Service Provider

After you've installed the Shibboleth Service Provider (SP) Apache module and daemon, and joined one or more federations, you'll need to edit /etc/shibboleth/shibboleth.xml. The federation will normally give you configuration instructions, but a basic configuration is available from shibboleth.xml. The file has entries for Stanford's test federation (DevFed), Internet2's test federation (InQueue) and Internet2's production Continue reading Configuring a Shibboleth Service Provider

MySQL Replication

Neither Stanford nor Yahoo! were ready to use Shibboleth when the interface to Yahoo! music was set up in late summer 2005. However, we wanted to migrate to Shibboleth at a later date, so we used Yahoo!'s Campaign Codes as targeted IDs - once we verified that a person was eligible for the music server Continue reading MySQL Replication

Shibbolized Movable Type

I've "hacked" Shibboleth authentication for administrators and posters, and built a Shibboleth-backed TypeKey for comment authentication. Details on the Shibbolized MT site itself. It's really more of a REMOTE_USER hack, so it should work with any other authentication system that can populate the REMOTE_USER environment variable.