IRC log for #shibboleth, 2014-06-18

All times shown according to UTC.

Time Nick Message
01:47 ilbot3 joined ##shibboleth
08:46 PGM_ joined ##shibboleth
08:46 PGM_ Hello
08:46 PGM_ We have a question regarding Logout
08:46 PGM_ (we understand the complexities etc. and have read the docs)
08:46 PGM_ We want to configure the return url when the user goes to the Logout page
08:47 PGM_ But wish to have that as part of the Shibboleth config and not in the query string
08:47 PGM_ Can't work out how to do it
08:47 PGM_ Any help?
15:42 hsnopi joined ##shibboleth
15:42 hsnopi knock knock
15:43 hsnopi I assume this is you? http://shibboleth.net/pipermail/users/2013-February/008097.html
15:47 hsnopi anyhow, if you are still here are you still taking questions?
16:17 hsnopi Well, I'm learning Shib kind of on the fly. I'm reading the documentation. I inherited a legacy system and the people who originally set it up also learned it on the fly, spit it out and never touched it again. So...you can imagine my confusion and frustration. As I said I am RTFM now. It is helpful, but I was hoping to be able to bounce specific questions to you
16:59 pdurbin hsnopi: yeah, that's me
17:00 pdurbin I'm trying to read the fine manual as well
17:00 hsnopi it is fairly lengthy. https://wiki.shibboleth.net/confluence/display/SHIB2/NewUnderstandingShibboleth just starting protocols. I've already had to move an IdP from one domain to another and set it up as a separate entity. Not sure if I did it right
17:02 hsnopi do you know where the metadata generator grabs its information from?
17:02 pdurbin ah. I don't plan to run an IdP. I'm using mod_shib as an SP that fronts my Java webapp
17:02 hsnopi e.g. a template? If I wanted to add contact info
17:02 hsnopi an ok
17:02 hsnopi we are running an IdP and SP's
17:03 pdurbin I need to figure out how to have my SP talk to multiple IdPs
17:03 hsnopi i was reading something about that. one sec...
17:04 pdurbin I swapped out a hard coded testshib.org IdP for an incommons WAYF url
17:04 pdurbin and that works fine
17:04 pdurbin but I'm wondering how to get a combination of both
17:04 hsnopi I don't even know what WAYF stands for
17:04 pdurbin Where Are You From
17:04 hsnopi seriously?
17:05 hsnopi https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataForIdP
17:05 hsnopi specifically the single sign on service section. it says one or more...
17:05 hsnopi i was curious if you could set that up to use as a failover or something.
17:07 pdurbin here's where I found the WAYF URL to use: https://spaces.internet2.edu/display/InCFederation/Shibboleth+Discovery+Config
17:07 pdurbin and I may well use that some day
17:07 pdurbin but I'm going to need to add in some other IdPs that aren't on that list
17:09 hsnopi I get confused on what info goes in what file. if you look, for example, in etc.shibboleth on a *nix system, there are a lot of files. which are strictly needed?
17:09 hsnopi so that is what I'm reading to understand. that and the whole mace/urn ns thing confuses me
17:10 hsnopi so are you new to shib?
17:21 hsnopi do you know of a location I can see all the possibilities of a shibboleth2.xml file? e.g. its complete possible structure and attributes?
17:22 hsnopi the more I read the more I think over half of our configuration options aren't even needed.
17:31 pdurbin hsnopi: yeah, I'm new to shib
17:31 hsnopi the requestmap is very powerful.
17:31 hsnopi i'm reading about it now. it seems like it could consolidate a lot of configs
17:32 * pdurbin looks at https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapper
17:32 pdurbin "You can think of it as a portable equivalent of the Apache <Location> feature, which associates Apache directives with specific URLs." nice
17:33 hsnopi that's where I am now
17:33 hsnopi exactly! and ssl redirects
17:33 hsnopi though not for post
17:34 hsnopi it looks like with the discovery stuff that might be where you can specify different IdP's for various URLs in your site?
17:34 hsnopi https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMap
17:36 hsnopi in fact, step 2 of the FlowAndConfig page makes a LOT more sense having read the request mapper and may be what you were looking for
17:37 hsnopi looks like WAYF is going out of style
17:39 hsnopi I think you would need the sessionInitiator stuff. there is an acsIndex which I'm guessing is a priority type thing.
17:44 pdurbin huh. going out of style. hmm
17:45 hsnopi well it says WAYF is for Shib1.0
17:46 pdurbin I'm pretty sure WAYF is still a thing
17:48 pdurbin hsnopi: this is the config file I'm using now, if you're interested: https://github.com/IQSS/dataverse/blob/master/conf/vagrant/etc/shibboleth/shibboleth2.xml
17:51 hsnopi does it work?
17:52 hsnopi gah! meeting I forgot about. brb
17:52 hsnopi or iab
18:12 hsnopi I think this is what you need. https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDiscovery
18:31 pdurbin hsnopi: yes, I've been looking at that page. thanks
18:31 hsnopi so you're just using the SSO shorthand.
18:33 pdurbin right. and likewise when I switch to the WAYF URL: <SSO discoveryProtocol="SAMLDS" discoveryURL="https://wayf.incommonfederation.org/DS/WAYF"> SAML2 SAML1 </SSO>
18:34 hsnopi ok
18:34 hsnopi we just have one IdP so we are going to hard code it
18:36 pdurbin ah
18:37 hsnopi though we are looking int, and by we I mean me, having some kind of fallback, failover
18:37 hsnopi into*
18:37 hsnopi OMG everybody here needs to shut up. I can't even read.
18:50 hsnopi this is a dumb question, does the SP have to have its own ability to "login" or can I have say, a static HTML site and use SSO with the Request mapper?
18:54 pdurbin you can protect a static site behind shibboleth
18:54 hsnopi that's what I thought. I may end up setting up a micro instance on AWS and practice building shibboleth2.xml from scratch
18:55 hsnopi thanks
19:31 pdurbin yeah. start small
19:31 pdurbin http://testshib.org has been extremely useful
21:35 hsnopi http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
22:01 pdurbin hmm?