Shibboleth settings for TorqueBox

16 July, 2011

Authentication Settings

Notes on setting up Shibboleth against an Apache Reverse Proxy to TorqueBox.

Config File: /etc/httpd/conf.d/shib.conf

ShibUseHeaders On
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user

The ‘ShibUseHeaders On’ setting tells Shibboleth to pass its attributes along as request headers, so your Sinatra/Rails application can read them and implement its own authorisation system.

Simple Authorisation

If you don’t need a complex authorisation system and you don’t mind users seeing a standard Shibboleth authorisation error page, you can implement this via your Shibboleth settings using the require statement:

ShibUseHeaders On
AuthType shibboleth
ShibRequestSetting requireSession 1
require grouper_groups ~ MySecurityGroup

Here we require that the custom grouper_groups attribute matches the regular expression after the ‘~’. In short, to access the protected URL the user must be a member of MySecurityGroup.
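
For the application-side alternative that ‘ShibUseHeaders On’ makes possible, here is an added example (not code from the original post): a Rack middleware for a Sinatra/Rails app that performs the same MySecurityGroup check and returns its own 403 page. It assumes the grouper_groups attribute reaches the app as the Rack key HTTP_GROUPER_GROUPS, that multiple values are separated by ‘;’, and that Apache proxies to TorqueBox from 127.0.0.1; the class name is hypothetical.

```ruby
# Added example, not from the original post.
# Assumptions: the Shibboleth attribute grouper_groups arrives as the Rack
# env key HTTP_GROUPER_GROUPS, multiple values are separated by ';', and
# the Apache reverse proxy connects to TorqueBox from the loopback address.
class ShibGroupAuthorizer
  GROUP_HEADER = 'HTTP_GROUPER_GROUPS'

  def initialize(app, required_group:, trusted_proxies: ['127.0.0.1', '::1'])
    @app = app
    @required_group = required_group
    @trusted_proxies = trusted_proxies
  end

  def call(env)
    # The headers are only trustworthy when Apache/Shibboleth set them; a
    # client that reaches TorqueBox directly could supply its own values.
    unless @trusted_proxies.include?(env['REMOTE_ADDR'])
      return deny('Request did not arrive via the reverse proxy.')
    end
    unless groups(env).include?(@required_group)
      return deny('You are not a member of the required group.')
    end
    @app.call(env)
  end

  # Split the attribute into individual group names. Membership is an exact
  # match on each value, so a group whose name merely contains the required
  # name does not pass.
  def groups(env)
    env.fetch(GROUP_HEADER, '').split(';').map(&:strip).reject(&:empty?)
  end

  private

  # Custom error page instead of the standard Shibboleth one.
  def deny(reason)
    body = "<h1>Access denied</h1><p>#{reason}</p>"
    [403, { 'Content-Type' => 'text/html' }, [body]]
  end
end

# In config.ru (usage, shown as a comment):
#   use ShibGroupAuthorizer, required_group: 'MySecurityGroup'
```

With this in place the Apache side keeps ‘require valid-user’, and TorqueBox should listen only on an address the proxy can reach.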

Top Tip

When playing with your Shib settings, don’t forget to restart httpd to see the effect.
sudo /sbin/service httpd restart
