
Sun Access Manager 7 compatibility



Hi Sampo,
  I finally got ZXID to play nice with Access Manager 7.  It seems the
encryption error I was running into a while back got fixed but then there was
a regression (0.40 timeframe?).  The regression was that AuthnRequests could
not be parsed by Access Manager 7 as it assumed Issuer, NameID and Authnctx
would be in that order.  Attached is my patch of zxidmk.c vs 0.82 if you'd
like to include it.

To set ProtocolBinding in the Authnrequest I simply used the following:
    ZXIDConf "NICE_NAME=My Name\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

Alternatively I could have just modified the SP metadata to have HTTP-POST
first but the above was easier for me and allows for some configurability.

I am working on a patch to add a new map rule to set the REMOTE_USER to the
specified attribute so that ZXID can be a drop-in replacement for other Apache
authentication methods (OpenSSO, Kerberos, LDAP, Basic, etc) as far as that
header variable is concerned.

Thanks,
  Thomas

[demime 1.01d removed an attachment of type application/octet-stream which had a name of zxidmk.patch]