On Wed, Oct 12, 2005 at 03:55:19PM +0100, Paschoud,J wrote:
>
> The circular below, and the experience some distinguished guests (from
> other respectable .ac.uk institutions) in the LSE Library conference
> room the other day (our WLAN security only lets them get as far as the
> LSE websites, which - interesting as those are - could have been a bit
> frustrating ;->), prompts me to ask:
>
> Does anyone know of a hack for (or, has thought of the right way to
> hack) BlueSocket wireless access controllers so they can act as Shib
> SPs - instead of what I guess to be a proprietary name/password
> login, which (for local users) can use the LDAP (or other things) as
> authentication backend.
If the site joins the UKERNA LIN, it can use whatever local backend it
likes - in this case the Bluesocket device would communicate to a local
RADIUS server (for local users) or via the national RADIUS proxy to the
server in the visiting user's home institution.
http://www.ja.net/development/aa/lin/
It's likely the LIN will push early for 802.1x deployment rather than
web-redirect.
As an aside:
In the LICHEN project we're investigation application-oriented access
control using LIN as an authentication back end, kind of the reverse to
what you ask.
Tim
|