Jifty::Plugin::Authentication::ModShibb - Shibboleth auth. plugin for Jifty
This may be combined with the Jifty::Plugin::User plugin to provide user authentication using Shibboleth web single sign-on. The Shibboleth System is a standards based software package for web single sign-on across or within organizational boundaries. It supports authorization and attribute exchange using the OASIS SAML protocol. Jifty::Plugin::Authentication::ModShibb requires a shibd service provider which will set required attributes in environment variables.
shibd
in etc/config.yml Plugins: - Authentication::ModShibb: mapping: # jifty column : shibboleth attribute shibb_id: eppn email: email name: displayName authz: $ENV{'primary_affiliation'} eq 'employee' # shibboleth attribute : value
shibb_id is mandatory and must provide a distinct id for each user
shibb_id
name is highly recommended to display feedback for users
name
email is highly recommended if you mix shibboleth authentication and other jifty authentication plugins
email
add in your User Model
use Jifty::Plugin::Authentication::ModShibb::Mixin::Model::User;
apache
<Location /> AuthType shibboleth Require shibboleth </Location> <Location /shibblogin> ShibRequestSetting applicationId uads AuthType shibboleth ShibRequestSetting requireSession 1 require valid-user </Location>
For debugging idp and sp config you can add an apache authentication on /shibb_test location.
/shibb_test
This plugin depends on the User plugin.
load config
Jifty::Manual::AccessControl, Jifty::Plugin::User, Shibboleth::SP
Yves Agostini, <yvesago@cpan.org>
Copyright 2011, Yves Agostini <yvesago@cpan.org>.
This program is free software and may be modified and distributed under the same terms as Perl itself.
To install Jifty::Plugin::Authentication::ModShibb, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Jifty::Plugin::Authentication::ModShibb
CPAN shell
perl -MCPAN -e shell install Jifty::Plugin::Authentication::ModShibb
For more information on module installation, please visit the detailed CPAN module installation guide.