Shibboleth Authentication and autodiscovery

This topic contains 2 replies, has 0 voices, and was last updated by  enrico 7 years, 6 months ago.

  • #43156

    enrico
    Member

    Hello, I’m trying to understand how auto discovery works with Shibboleth as the authentication method for the captive portal.
    It seems that Zeroshell tries to perform a man in the middle, intercepting SSL requests. Is this correct? Is there source code available to study this method?

    Best regards,
    Enrico.

    #51998

    imported_fulvio
    Participant

    Hi,
    do not worry, Zeroshell couldn’t act as man in the middle in the communication between the client and the IdP if the user correctly verifies that the certificate of the IdP is trusted. The authentication is end-to-end tunneled on TLS, so Zeroshell is not able to decrypt it. Instead, it just calls a script before redirecting to the IdP/WAYF. Here is the patch for shibboleth-sp:

    http://www.zeroshell.net/listing/shibboleth-2.4.3-zeroshell-IdP-autoDiscovery.patch

    Regards
    Fulvio

    #51999

    enrico
    Member

    I think I understand your patch, but then why, using the WAYF of the GARR IDEM federation (maybe the Italian forum is more appropriate), do I get redirected to my IdP https://idp2.cilea.it/idp/profile/…. but the certificate presented is that of Zeroshell?

    #52000

    enrico
    Member

    Sorry, the GARR WAYF service configured as SAMLDS in the session initiator works.
