Shibboleth and other auth modules: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
No edit summary
Line 10: Line 10:


* enable it with GUI->Settings->System configuration : Use Shibboleth for auth
* enable it with GUI->Settings->System configuration : Use Shibboleth for auth
* it still requires some GUI's users for priveleges settings
* One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user
* One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user



Revision as of 09:27, 16 February 2024

Prerequisites

  • installed functional Shibboleth-sp in Apache2 (or SW with similar functionality). The installation is beyond the scope of this document.

How does it work

When enabled in the GUI settings then the GUI search for the REMOTE_USER header (provided by Shibboleth sp) and uses it as auth user.

Configuration

  • enable it with GUI->Settings->System configuration : Use Shibboleth for auth
  • it still requires some GUI's users for priveleges settings
  • One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user

Usage

  • after the Shibboleth auth the GUI's Shibboleth button will appear in GUI login dialog
  • after clicking on this button the content of REMOTE_USER header is used as the user in the GUI database for getting user's privileges
  • if an user is not found then the user with set checkbox 'Default Shibboleth account' is used (if set)
  • login is done

Note about logout

The Shibboleth logout URL is constructed from Shib-Handler header + '/Logout' string. If not available then from HTTP_HOST header + '/Shibboleth.sso/Logout' string.