[Building Sakai] Sakai and shibboleth

Dan McCallum dmccallum at unicon.net
Fri Feb 25 10:31:41 PST 2011 

Certainly see that point, and the Stockholm Style is certainly how some 
groups want their Shib integration to work.

But plenty of Shib deployments don't actually use its federating 
features; it ends up just functioning as a glorified CAS. Or they do 
want federated authN, but they still require official accounts in the 
local directory, so plugging in a LDAP UDP works just fine. JIT 
provisioning triggered by authN can also be pain for any sort of "user 
listing" use case, e.g. accurately representing a class roster before 
everyone's logged in.

- Dan

On 02/25/2011 11:04 AM, Kevin P. Foote wrote:
>
> Great info Dan thanks for the update.
>
> ->  The Stockholm patch is useful if you need just-in-time Sakai user
> ->  provisioning.
>
> I'd argue that's the whole point of using Shib as the authn mechanisim
> :-)
>
>
> ------
> thanks
>    kevin.foote
>
> On Fri, 25 Feb 2011, Dan McCallum wrote:
>
> ->  For the simplest use cases there's no need to patch.
> ->
> ->  The Stockholm patch is useful if you need just-in-time Sakai user
> ->  provisioning.
> ->
> ->  UNC patches are useful for improving the deep-linking and session
> ->  timeout experience if you have a mix of Shib and non-Shib users. [1]
> ->
> ->  - Dan
> ->
> ->  1 -
> ->  svn diff -c 80295 https://source.sakaiproject.org/svn/msub/unc.edu/
> ->  svn diff -c 80287 https://source.sakaiproject.org/svn/msub/unc.edu/
> ->
> ->
> ->
> ->  On 02/25/2011 08:52 AM, Kevin P. Foote wrote:
> ->  >
> ->  >  I'm sure many are..
> ->  >
> ->  >  I've had this working before.
> ->  >
> ->  >  I know Stockholm use shib. https://mondo.su.se
> ->  >
> ->  >  Two main ways that I know of ..
> ->  >
> ->  >  o patching the authentication code as Stockholm
> ->  >     http://devel.it.su.se/pub/jsp/polopoly.jsp?d=2376&a=21472
> ->  >
> ->  >  o using Guanxi Guard
> ->  >     http://codebrane.com/brane/node/7
> ->  >
> ->  >  	
> ->  >
> ->  >  ------
> ->  >  thanks
> ->  >     kevin.foote
> ->  >
> ->  >  On Fri, 25 Feb 2011, Adam Marshall wrote:
> ->  >
> ->  >  ->   Is anybody using Shibboleth with Sakai?
> ->  >  ->
> ->  >  ->   adam
> ->  >  ->   _______________________________________________
> ->  >  ->   sakai-dev mailing list
> ->  >  ->   sakai-dev at collab.sakaiproject.org
> ->  >  ->   http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> ->  >  ->
> ->  >  ->   TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> ->  >  ->
> ->  >  _______________________________________________
> ->  >  sakai-dev mailing list
> ->  >  sakai-dev at collab.sakaiproject.org
> ->  >  http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> ->  >
> ->  >  TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> ->  >
> ->
> ->
> ->  _______________________________________________
> ->  sakai-dev mailing list
> ->  sakai-dev at collab.sakaiproject.org
> ->  http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> ->
> ->  TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> ->
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>

More information about the sakai-dev mailing list