On 7/31/11 5:07 PM, "Hauke Mehrtens" <[log in to unmask]> wrote:
>What does OP mean?
Original poster.
>So Moonshot does the authentication directly using FreeRADIUS against
>some database
I guess that depends on the implementation or deployment.
> and uses SAML just to provide additional attributes for
>the already authenticated user?
Pretty much.
> When I already have a SAML IdP running,
>I have to install FreeRADIUS, or some other radius Server, with access
>to the user database to do the authentication and the SAML IdP just
>provides the attributes?
I don't think RADIUS is the only way to do it. DIAMETER at least has been
discussed.
>How does moonshot work for browsers? I is there any documentation for
>that use case?
Via GSS over HTTP, via SPNEGO or a modified version of it.
-- Scott
|