From: Krzysztof B. <kb...@un...> - 2017-05-31 05:51:20

Hi Goncalo,

On 31.05.2017 at 07:26, Sander Apweiler wrote:
> Hi Goncalo,
>
> We configured eduGain with a Metadata URL. We got the Metadata URL from
> our NREN where we requested the eduGain membership as SP. Our
> configuration in remoteSamlAuth.properties looks like this:
>
> unity.saml.requester.metadataSource.edugain.url=METADATAURL
> unity.saml.requester.metadataSource.edugain.perMetadataTranslationProfile=YOUR_TRANSLATION_PROFILE
> unity.saml.requester.metadataSource.edugain.signatureVerification=require
> unity.saml.requester.metadataSource.edugain.signatureVerificationCertificate=YOUR_CERT_FROM_PKI_PROPERTIES
> unity.saml.requester.metadataSource.edugain.perMetadataRegistrationForm=YOUR_REGISTRATION_FORM
>

A small supplement to what Sander wrote:

-) regarding endpoint: at first you can add the saml authenticator to any of the internal Unity endpoints, so its access will be protected by federated login. So you can test the Unity->eduGAIN part alone and the above example config covers this part. After you have this done, you can work on configuring your own SP(s) to authenticate using Unity. Then you will need an endpoint or endpoints in Unity to enable remote authN SP->Unity. Here you won't be forced to use SAML, you can also use OAuth.

-) translation profile configures your mapping of data coming from edugain IdPs to your desired format (you can filter, modify values, names of attributes etc). Typically this is the most difficult part of configuration and most often changed.

Best,
Krzysztof
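As an added example (not code from the Unity project or from anyone in this thread), a small Python lint for the metadataSource entries in remoteSamlAuth.properties that flags sources consuming federation metadata without signature verification, as discussed above; the sample properties, hostnames and the weak "lab" source are constructed, and the property names follow the ones quoted in Sander's mail.

```python
from collections import defaultdict
PREFIX = "unity.saml.requester.metadataSource."
# Constructed sample in the layout shown in the thread; "lab" is deliberately weak.
SAMPLE_PROPERTIES = """\
unity.saml.requester.metadataSource.edugain.url=https://example.invalid/edugain-metadata.xml
unity.saml.requester.metadataSource.edugain.perMetadataTranslationProfile=edugainProfile
unity.saml.requester.metadataSource.edugain.signatureVerification=require
unity.saml.requester.metadataSource.edugain.signatureVerificationCertificate=EDUGAIN_MD_CERT
unity.saml.requester.metadataSource.edugain.perMetadataRegistrationForm=edugainForm
unity.saml.requester.metadataSource.lab.url=http://example.invalid/lab-metadata.xml
unity.saml.requester.metadataSource.lab.signatureVerification=ignore
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")   # URLs may themselves contain '='
        if sep:
            props[key.strip()] = value.strip()
    return props

def metadata_sources(props):
    """Group metadataSource.<name>.<option> keys by source name."""
    sources = defaultdict(dict)
    for key, value in props.items():
        if key.startswith(PREFIX):
            name, _, option = key[len(PREFIX):].partition(".")
            if name and option:
                sources[name][option] = value
    return dict(sources)

def check_sources(props):
    """Return {source: [findings]} for sources whose trust in the metadata is weak."""
    findings = {}
    for name, opts in metadata_sources(props).items():
        problems = []
        if opts.get("signatureVerification") != "require":
            problems.append("signatureVerification is not 'require'")
        if not opts.get("signatureVerificationCertificate"):
            problems.append("no signatureVerificationCertificate configured")
        if opts.get("url", "").startswith("http://"):
            problems.append("metadata fetched over plain HTTP")
        if problems:
            findings[name] = problems
    return findings
```

A source that passes all three checks, like the eduGAIN entry in the sample, is reported clean; unsigned metadata is what lets a tampered IdP list into the SP, so the first two findings matter most.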