From: Andrew B. <a.g...@le...> - 2005-06-06 14:22:37
>> At the Bodington behind the SP, we have mapped /site and /shibsite to the
>> same bodington servlet. The Shibboleth servlet filter is set to protect the
>> /shibsite URLs but not the /site ones, so the same resources can be
>> shib-protected or not depending on the URL used.

> Would it be preferable to use one URL for all access to Bodington from a
> user support point of view?

Maybe, but we have to allow non-shib operation of Bodington so that the
Shib filter doesn't kick in during normal operation. Using the /site URL as
normal provides this.

>> One thing that we need to point out is that usernames created in the
>> SP-protected bodington are of the form use...@my... - we
>> therefore need to increase the size of the username field in the database,
>> which is currently 30 characters wide. We propose to increase it to 128
>> characters. (The same had to be done with mvnForum to cope with usernames of
>> this kind.)

> What happens if the visitor doesn't give out username information?
> So are you putting these users into the pass_phrase table?

If the visitor's IdP doesn't release the eduPersonPrincipalName attribute,
the visitor doesn't get in. Yes - the users get put into the pass_phrase
table with a null or dummy passphrase. If necessary, we could prevent them
from logging in except via Shib.

Aggie
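
The admission and provisioning rules discussed in this message, as an added Python sketch that is not part of the message and not Bodington code. The dict-based store (standing in for the pass_phrase table), the function names and the record fields are assumptions; it shows a Shib-provisioned account with a null passphrase being refused on the passphrase route.

```python
import hashlib, hmac, os

MAX_USERNAME = 128               # proposed column width from the message (currently 30)
EPPN = "eduPersonPrincipalName"  # attribute the IdP must release

def _hash(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def add_local_user(store, username, passphrase):
    """Create an ordinary passphrase account (hypothetical helper)."""
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": _hash(passphrase, salt), "shib_only": False}

def shib_login(store, path, released_attrs):
    """Admit a visitor arriving under the filter-protected /shibsite URLs."""
    if not path.startswith("/shibsite/"):
        return None              # /site is the non-Shib route
    eppn = released_attrs.get(EPPN)
    if not eppn:
        return None              # attribute not released: visitor does not get in
    if len(eppn) > MAX_USERNAME:
        return None              # reject rather than truncate: truncation could merge identities
    rec = store.get(eppn)
    if rec is None:
        # Provision with a null passphrase, flagged as Shib-only.
        store[eppn] = {"salt": None, "hash": None, "shib_only": True}
    elif not rec["shib_only"]:
        return None              # name already belongs to a passphrase account
    return eppn

def local_login(store, username, passphrase):
    """Passphrase login on the unprotected /site route."""
    rec = store.get(username)
    if rec is None or rec["shib_only"] or rec["hash"] is None:
        return False             # a null passphrase must never match any input
    return hmac.compare_digest(rec["hash"], _hash(passphrase, rec["salt"]))
```

A shared dummy passphrase would need the same `shib_only` refusal, since any fixed dummy value is a credential for every provisioned account.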