ID providers other than OpenID
Hi,

we work at the University of Oslo, USIT, The Research Computing Service group (Norway). We are preparing a bioinformatics portal using Galaxy and one of the requirements for the University of Oslo production is to implement an authentication called FEIDE. Feide is local (for Norway) IDp service based on saml2 which is yet different from OpenID. It supposes the existence of metadata files on the sp server side containing blocks with, e.g. (for idp)

    'SingleSignOnService' => 'https://idp.feide.no/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://idp.feide.no/simplesaml/saml2/idp/SingleLogoutServiceiFrame.php',
    'SingleLogoutServiceResponse' => 'https://idp.feide.no/simplesaml/saml2/idp/SingleLogoutServiceiFrameResponse....',
    'certFingerprint' => 'cde69e332fa7dd0eaa99ee0ddf06916e8942ac53',
    'hint.cidr' => '158.38.0.0/16'

These blocks are read during the authentication process.

Galaxy seems to be only supporting OpenID and new idp-s are added simply by adding a new url to OPENID_PROVIDER variable.

Is there a solution if we have to communicate metadata between idp and sp?

And ... is your egg "python_openid-2.2.5-py2.6.egg" using pysaml? Can it be rescrambled such that it can read some pysaml metadata files.

Thank you in advance

Nikolay Vazov

--
Nikolay Vazov, PhD
Research Computing Centre - http://hpc.uio.no
USIT, University of Oslo
Hi Nikolai,

We have implemented a connection to the SURFconext SURFnet (Netherlands) SAML IdP, and we had luck with using the open source library Shibboleth (http://shibboleth.internet2.edu) in Apache (for instructions see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig). Details for how to configure Galaxy with it can be found here: http://dev.uabgrid.uab.edu/wiki/Galaxy.

Hope this helps!

Met vriendelijke groet / Kind regards,

Kees van Bochove
Taskforce leader metabolomics and study capture
Netherlands Bioinformatics Centre - BioAssist
<kees@thehyve.nl>
www.thehyve.nl
E kees@thehyve.nl
T +31(0)30 700 9713
M +31(0)6 10 83 53 64
Skype keesboston

2012/3/1 Nikolai Vazov <n.a.vazov@usit.uio.no>
Hi,
we work at the University of Oslo, USIT, The Research Computing Service group (Norway). We are preparing a bioinformatics portal using Galaxy and one of the requirements for the University of Oslo production is to implement an authentication called FEIDE. Feide is local (for Norway) IDp service based on saml2 which is yet different from OpenID. It supposes the existence of metadata files on the sp server side containing blocks with, e.g. (for idp)
    'SingleSignOnService' => 'https://idp.feide.no/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://idp.feide.no/simplesaml/saml2/idp/SingleLogoutServiceiFrame.php',
    'SingleLogoutServiceResponse' => 'https://idp.feide.no/simplesaml/saml2/idp/SingleLogoutServiceiFrameResponse.php',
    'certFingerprint' => 'cde69e332fa7dd0eaa99ee0ddf06916e8942ac53',
    'hint.cidr' => '158.38.0.0/16'
These blocks are read during the authentication process.
Galaxy seems to be only supporting OpenID and new idp-s are added simply by adding a new url to OPENID_PROVIDER variable.
Is there a solution if we have to communicate metadata between idp and sp?
And ... is your egg "python_openid-2.2.5-py2.6.egg" using pysaml? Can it be rescrambled such that it can read some pysaml metadata files.
Thank you in advance
Nikolay Vazov
-- Nikolay Vazov, PhD Research Computing Centre - http://hpc.uio.no USIT, University of Oslo
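Added example, not part of the original messages and not Galaxy, Feide or pysaml code: a sketch of how a service provider could read the metadata block quoted in the thread and use it during authentication. It assumes that 'certFingerprint' is the SHA-1 digest of the IdP's DER-encoded signing certificate (the value is 40 hex characters) and that 'hint.cidr' is a discovery hint for which client addresses the IdP serves; all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import re

# Metadata block as quoted in the thread ('key' => 'value' pairs).
IDP_METADATA = """
'SingleSignOnService' => 'https://idp.feide.no/simplesaml/saml2/idp/SSOService.php',
'certFingerprint' => 'cde69e332fa7dd0eaa99ee0ddf06916e8942ac53',
'hint.cidr' => '158.38.0.0/16'
"""

PAIR = re.compile(r"'([^']+)'\s*=>\s*'([^']*)'")


def parse_metadata(text):
    """Return the 'key' => 'value' pairs of a metadata block as a dict."""
    return dict(PAIR.findall(text))


def normalize_fingerprint(fp):
    """Lower-case hex without colons or spaces, so 'AB:CD' equals 'abcd'."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def cert_matches(meta, cert_der):
    """True if SHA-1 of the DER certificate equals the pinned fingerprint.

    Assumption: the pin is a SHA-1 digest. A response signed with a
    certificate that fails this check must be rejected by the SP.
    """
    pinned = normalize_fingerprint(meta["certFingerprint"])
    if len(pinned) != 40:  # refuse truncated or malformed pins
        return False
    actual = hashlib.sha1(cert_der).hexdigest()
    return hmac.compare_digest(pinned, actual)


def cidr_hint_applies(meta, client_ip):
    """True if client_ip lies inside the IdP's 'hint.cidr' range.

    Assumption: this is only a hint for preselecting the IdP, not an
    access-control decision.
    """
    network = ipaddress.ip_network(meta["hint.cidr"])
    return ipaddress.ip_address(client_ip) in network
```

The fingerprint comparison is the security-relevant step: the SP trusts an assertion only if the certificate that signed it hashes to the value pinned in its local metadata.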