From: Matthew B. <mat...@co...> - 2005-06-06 15:32:00
Andrew Booth wrote:
[..snipped..]
>>>If the visitor's IdP doesn't release the eduPersonPrincipalName attribute,
>>>the visitor doesn't get in. Yes - the users get put into the pass_phrase
>>>table with a null or dummy passphrase. If necessary, we could prevent them
>>>from logging in except via Shib.
>
>>Would having a shibb_user table be a simpler/cleaner way to get this to
>>work?
>
> The problem there is that the pass_phrase table is a very important one. It
> is used for much more than just password authentication. If we move to a
> shib_user table, there's a lot of code that will get duplicated and/or
> changed. I'm inclined to put the shib users in with the other users and live
> with the schema change.

Ok. Looking at the call hierarchy for PassPhrase.getUserName() it seems to be reasonably confined to the user management stuff:

> getUserName() - org.bodington.server.realm.PassPhrase
> resetusername(UserManagementSession, Request, PrintWriter) - org.bodington.servlet.facilities.UserDirectoryFacility (2 matches)
> userdata(Request, PrintWriter, String) - org.bodington.servlet.facilities.UserDirectoryFacility
> getUsername(Request) - org.bodington.servlet.facilities.Facility (2 matches)
> listusers(Request, PrintWriter, boolean) - org.bodington.servlet.facilities.Facility (4 matches)
> outputAclTable(PrintWriter, Request) - org.bodington.servlet.facilities.AclDisplayFacility
> createUsers(BufferedReader, PrintWriter) - org.bodington.server.realm.UserManagementSessionImpl
> resetUserName(PrimaryKey) - org.bodington.server.realm.UserManagementSessionImpl
> userdata(Request, PrintWriter, String) - org.bodington.servlet.facilities.PasswordFacility
> denyAccess(URL) - org.bodington.servlet.facilities.FeedFacility (2 matches)
> chooseUserName(Zone, User, Vector) - org.bodington.server.realm.UserManagementSessionImpl

Before I dig around in the code does anyone know how X509User works?
Does a certificate based user have an entry in the pass_phrase table as well?

--
+--Matthew Buckett-----------------------------------------+
| VLE Developer, Learning Technologies Group               |
| Tel: +44 (0) 1865 283660   http://www.oucs.ox.ac.uk/     |
+------------Computing Services, University of Oxford------+