Shibboleth and other auth modules

From VoIPmonitor.org
Revision as of 10:27, 16 February 2024 by Milan (talk | contribs) (→‎Configuration)
Jump to navigation Jump to search

Prerequisites

  • installed functional Shibboleth-sp in Apache2 (or SW with similar functionality). The installation is beyond the scope of this document.

How does it work

When enabled in the GUI settings then the GUI search for the REMOTE_USER header (provided by Shibboleth sp) and uses it as auth user.

Configuration

  • enable it with GUI->Settings->System configuration : Use Shibboleth for auth
  • it still requires some GUI's users for privileges settings
  • One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user

Usage

  • after the Shibboleth auth the GUI's Shibboleth button will appear in GUI login dialog
  • after clicking on this button the content of REMOTE_USER header is used as the user in the GUI database for getting user's privileges
  • if an user is not found then the user with set checkbox 'Default Shibboleth account' is used (if set)
  • login is done

Note about logout

The Shibboleth logout URL is constructed from Shib-Handler header + '/Logout' string. If not available then from HTTP_HOST header + '/Shibboleth.sso/Logout' string.

Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Shibboleth_and_other_auth_modules&oldid=4693"