On Dec 14, 2007, at 1:47 PM, Harper, Chris wrote:

> Wouldn't a swap installed instance use Sentinel? Alleviating the need
> for such tight integration with shibboleth?
>
> If not, Matt I may someday need to get a download from you on how we can
> utilize shibboleth for authentication purposes in our web environment
> here at UR.


It could be done either way, but I would suggest that, due to the
nature of this application, there might be value in exposing parts of
it to fac/stf at other institutions, in which case, we would want to
use shibboleth.  It is worth noting that we have set up shibboleth to
use sentinel as its login processor, so authenticating through a
shibbolized application gets you a sentinel credential (there are not
*two* integration points for the application developer...you can
integrate with shibboleth and automatically get the sentinel goodness).

For anyone interested in shibbolizing their application, the first
step is to look at http://www.testshib.org/.  You'll want to work on
the SP (Service Provider) component.  Once you have your SP working
against testshib, you can get ahold of me and we'll exchange metadata
with you so you can work against the MSU IdP (Identity Provider).

I need to note that our IdP is not a production-grade service yet.  We  
have yet to tackle high-availability, and we have some minor tweaking  
left to get the thing polished, but it does work, and it is integrated  
with sentinel.

./mk
-- 
Matt Kolb  <[log in to unmask]>
Academic Computing & Network Services
Michigan State University