Hi, I have some questions on this topic.

Where do I get information about the currently connected user? That is, how does shibboleth pass the information?

Can I set some restrictions on actions using [Authorize] attribute based on data acquired from shibboleth?

Thanks in advance.

Trimack

A: 

I have never used Shibboleth, but you can get information about the user from the Controller.User property. It will return a generic principal of the current thread. Using this principal you can check whether the user is authenticated and get the login name of the user. This is because after logon an authentication cookie is set, and this cookie contains a limited amount of information. On each request after logon only this cookie is checked (if it exists and is valid, the user is authenticated).
So if you need some specific information, you can manually load a user (it's better to use a cache here) and check whatever you want.
You can also create and attach your own principal with the necessary information to the thread at the start of a request (e.g. at the start of a request, load the user from the db/cache using the user name from the base principal, then create and set your own principal on the thread). After this you can check all the properties of the user you need.

zihotki
+2  A: 

Shibboleth publishes user attributes associated with sessions into HTTP request headers, based on header names defined in Attribute Acceptance Policy (1.3.x) or Attribute Mapping (2.x) files. These headers are transformed into CGI variables based on mapping rules defined by the CGI specification.

You should be aware of this security advisory: http://shibboleth.internet2.edu/secadv/secadv%5F20090615.txt
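
How an MVC action can be restricted using the attributes this answer describes, as an added example that is not part of any post in this thread. The header names `Shib-Session-ID` and `affiliation`, the value `staff@example.org` and the `ReportsController` are assumptions for illustration; it also refuses requests in which differently spelled headers would fold onto the same CGI variable.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;

// Added example. Header names are assumptions; use those from your attribute map.
public class ShibbolethAuthorizeAttribute : AuthorizeAttribute
{
    public string AttributeName { get; set; }  // e.g. "affiliation" (assumed)
    public string RequiredValue { get; set; }  // e.g. "staff@example.org" (constructed)

    // CGI mapping: upper-case, '-' becomes '_', prefixed with "HTTP_".
    private static string ToCgiName(string header)
    {
        return "HTTP_" + header.ToUpperInvariant().Replace('-', '_');
    }

    // True when differently spelled headers ("a-b", "a_b") fold onto one variable.
    private static bool IsAmbiguous(HttpRequestBase request, string header)
    {
        string target = ToCgiName(header);
        return request.Headers.AllKeys
            .Where(k => k != null && ToCgiName(k) == target)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .Count() > 1;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        HttpRequestBase request = httpContext.Request;
        if (IsAmbiguous(request, "Shib-Session-ID") || IsAmbiguous(request, AttributeName))
            return false;
        // No SP session variable: the request carries no Shibboleth session.
        if (string.IsNullOrEmpty(request.ServerVariables[ToCgiName("Shib-Session-ID")]))
            return false;
        string raw = request.ServerVariables[ToCgiName(AttributeName)];
        if (string.IsNullOrEmpty(raw)) return false;
        // Multiple values arrive as one string split on ';' (a literal ';' is "\;").
        return Regex.Split(raw, @"(?<!\\);")
            .Select(v => v.Replace(@"\;", ";").Trim())
            .Any(v => string.Equals(v, RequiredValue, StringComparison.Ordinal));
    }
}
public class ReportsController : Controller
{
    [ShibbolethAuthorize(AttributeName = "affiliation", RequiredValue = "staff@example.org")]
    public ActionResult Index() { return Content("staff only"); }
}
```

The attribute fails closed: a missing session variable, a missing attribute or an ambiguous header spelling all result in the standard unauthorized response from `AuthorizeAttribute`.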

A: 

Where would you attach your own principal? You say on the start of the request but what if you don't want every request authorizing?

Gazeth
A: 

Hi,

I need to integrate Shibboleth into my application. My application is a .NET web application. May I know how to do this? I have a separate server (Ubuntu server) on which the Shibboleth IdP and SP are installed with an Apache configuration.

I did a lot of searching on this, but I am not able to get the correct point on it. Can anyone suggest some URL or point out what I need to do to get it working? It's urgent.

Has anyone worked on it who can give me some help?

Thanks, Suresh.

Hi, this https://spaces.internet2.edu/display/SHIB/SPWindowsInstall is the main source I used. After installing the daemon on the server, you can use the servervariables in the Request attribute. If you want something more specific, ask a new question (and let me know somehow, I have already succeeded in many challenges Shibboleth has put in front of me ;) )
Trimack