Re: Apache 2.4, AAA, Shibboleth

2020-03-06 Thread tomcat/perl
Thanks. That's an interesting idea, and I'm quite sure that we could make that work, if only as a proof of concept. The main issue I see with it is that it would basically double a lot of our configuration sections - of which we have many - and make our configuration even more obscure than what

Re: Apache 2.4, AAA, Shibboleth

2020-03-06 Thread tomcat/perl
Genius! Yes, I'll try that. Why did I not think of that myself? If anything, it'll be fun to watch the log lines of authz_core and try to make sense of them. I don't even think that I have to extend our module, it should work just as well with "require UMA-user valid-user" in both cases. One

Re: Apache 2.4, AAA, Shibboleth

2020-03-06 Thread tomcat/perl
On 06.03.2020 17:18, Russell Lundberg wrote:
> Andy, could your custom auth handler run before Shibboleth, test for a Shibboleth token? If not present, use push_handler to run Shibboleth? If the Shibboleth token or cookie is present, don’t run Shibboleth?

Well, the problem is that Shibboleth is quit

Re: Apache 2.4, AAA, Shibboleth

2020-03-06 Thread Russell Lundberg
Andy, could your custom auth handler run before Shibboleth, test for a Shibboleth token? If not present, use push_handler to run Shibboleth? If the Shibboleth token or cookie is present, don’t run Shibboleth?

Russell

Sent from my iPhone

> On Mar 6, 2020, at 08:26, André Warnier (tomcat/perl) wrote

Apache 2.4, AAA, Shibboleth

2020-03-06 Thread tomcat/perl
Hi experts. In our Apache 2.4(+mod_perl) setups, we use the following kind of thing:

...
PerlAddAuthzProvider UMA-user AUTH::UMA2->authz_user
...
AuthName ALUtop
AuthType shibboleth
PerlSetVar UMA_AuthType "SAML2"
ShibRequestSetting requireSession 1
ShibRe