On Dec 14, 2007, at 1:47 PM, Harper, Chris wrote:
> Wouldn't a swap installed instance use Sentinel? Alleviating the need
> for such tight integration with shibboleth?
>
> If not, Matt I may someday need to get a download from you on how we can
> utilize shibboleth for authentication purposes in our web environment
> here at UR.
It could be done either way, but I would suggest that, due to the
nature of this application, there might be value in exposing parts of
it to fac/stf at other institutions, in which case we would want to
use shibboleth. It is worth noting that we have set up shibboleth to
use sentinel as its login processor, so authenticating through a
shibbolized application gets you a sentinel credential (there are not
*two* integration points for the application developer...you can
integrate with shibboleth and automatically get the sentinel goodness).

For anyone interested in shibbolizing their application, the first
step is to look at http://www.testshib.org/. You'll want to work on
the SP (Service Provider) component. Once you have your SP working
against testshib, you can get ahold of me and we'll exchange metadata
with you so you can work against the MSU IdP (Identity Provider).

I need to note that our IdP is not a production-grade service yet. We
have yet to tackle high availability, and we have some minor tweaking
left to get the thing polished, but it does work, and it is integrated
with sentinel.
./mk
--
Matt Kolb <[log in to unmask]>
Academic Computing & Network Services
Michigan State University