Hello Everyone, I am looking at Shibboleth. I have seen one example (http://www.switch.ch/aai/support/presentations/opcom-201105/AAI-OpCom-AAI_for_mandatory_authentication_and_proxy_usage.pdf) for using it with Squid. I am afraid it makes no sense to me. I am afraid I do not know much about Shibboleth yet. It has three components for authentication, user, password, domain. It has to use redirects, etc. I see an easy way for this to work, but need help figuring it out. If a user isn't authenticated, I need to send them to a url. How do I know if a user is authenticated? Well, it seems that this is going to have to be passing the requesting client's ip address to a program and get the response back if they are authenticated or not. It would be nice if I could pass a user name, but I am not sure how to do this as this would require interaction with the browser and this should be SSO. So, is it possible to do an auth_param to a special program that just looks at the ip address? Have it return yes/no for if it is an authenticated session? If no, then do a url_rewrite_access (I am assuming this is correct)? Finally, is it possible to have multiple authentication algorithms? Some of the users will be local and be able to do krb5/spnego. So, if at all possible, I would like to have the option of trying krb5, then spnego, then Shibboleth. Thank you for any help, Trever
Attachment:
signature.asc
Description: OpenPGP digital signature
