Hi all,
We're trying to make an end-to-end proof of concept Moonshot setup with
ssh logins.
One thing we're still missing is mapping an identified user to a local user.
Basically, when we do a successful authentication, we get a response with
SAML attributes, including the eppn of the user. Somehow we should map
this federation identity to a site-local user account. I guess "the
correct way" would be asking the local user account from a site run SAML
Attribute Provider.
However, that's a bit heavyweight for this, so I thought we could make
local user mapping files with the SP AttributeResolver plugin. So
something like this:
  <AttributeResolver type="Transform" source="eppn">
    <Regex match="[log in to unmask]" dest="local-login-user">localuser</Regex>
  </AttributeResolver>
However every time I try to do anything with this I get a segfault from
gss-server (end of the log below).
Is there some fundamental problem in doing this (e.g. making some
message too big), or is this just a bug somewhere? This system is based
on the moonshot live DVD.
Cheers,
Kalle
End of strace log
write(1, "2013-05-27 16:14:51 WARN Shibbol"..., 5552013-05-27 16:14:51
WARN Shibboleth.Application : empty/missing cookieProps setting, set to
"https" for SSL/TLS-only usage
2013-05-27 16:14:51 WARN Shibboleth.Application : handlerSSL should be
enabled for SSL/TLS-enabled web sites
2013-05-27 16:14:52 WARN Shibboleth.AttributeExtractor.XML : attribute
mappings are reloadable; be sure to restart web server when adding new
attribute IDs
Sending accept_sec_context token (size=40):
a1 26 30 24 a0 03 0a 01 01 a2 1d 04 1b 60 19 06
09 2b 06 01 05 05 0f 01 01 11 06 02 80 00 00 05
00 00 00 04 03 08 00 04
) = 555
send(4, "\2", 1, 0) = 1
send(4, "\0\0\0(", 4, 0) = 4
send(4,
"\241&0$\240\3\n\1\1\242\35\4\33`\31\6\t+\6\1\5\5\17\1\1\21\6\2\200\0\0\5"...,
40, 0) = 40
write(1, "continue needed...\n", 19continue needed...
) = 19
select(1024, [4], NULL, NULL, {10, 0}) = 1 (in [4], left {9, 962120})
recv(4, "\2", 1, 0) = 1
select(1024, [4], NULL, NULL, {10, 0}) = 1 (in [4], left {9, 999611})
recv(4, "\0\0\0<", 4, 0) = 4
select(1024, [4], NULL, NULL, {10, 0}) = 1 (in [4], left {9, 999998})
recv(4,
"\241:08\240\3\n\1\1\2421\4/`-\6\t+\6\1\5\5\17\1\1\21\6\1\0\0\0\f"...,
60, 0) = 60
write(1, "Received token (size=60): \na1 3a"..., 211Received token
(size=60):
a1 3a 30 38 a0 03 0a 01 01 a2 31 04 2f 60 2d 06
09 2b 06 01 05 05 0f 01 01 11 06 01 00 00 00 0c
00 00 00 04 00 00 00 02 80 00 00 0d 00 00 00 0c
ec 64 39 e5 b8 b9 90 b6 66 a8 d2 1e
) = 211
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
--
Kalle Happonen
Systems Specialist
CSC - IT Center for Science Ltd.
P.O. BOX 405, FI-02101 Espoo, Finland
+358 9 457 2261, [log in to unmask]
www.csc.fi
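
To see how far the exchange had got when gss-server died, the two token dumps in the strace log can be decoded. This is an added example, not part of the original post or of the Moonshot code; it assumes the tokens are SPNEGO NegTokenResp wrappers around GSS-EAP tokens as laid out in RFC 7055, and the subtoken names in its table are taken from that RFC.

```python
import struct
# Token dumps copied from the strace log above (sent / received by gss-server).
SENT = bytes.fromhex("a1 26 30 24 a0 03 0a 01 01 a2 1d 04 1b 60 19 06"
                     "09 2b 06 01 05 05 0f 01 01 11 06 02 80 00 00 05"
                     "00 00 00 04 03 08 00 04")
RECV = bytes.fromhex("a1 3a 30 38 a0 03 0a 01 01 a2 31 04 2f 60 2d 06"
                     "09 2b 06 01 05 05 0f 01 01 11 06 01 00 00 00 0c"
                     "00 00 00 04 00 00 00 02 80 00 00 0d 00 00 00 0c"
                     "ec 64 39 e5 b8 b9 90 b6 66 a8 d2 1e")
# Subtoken type names as listed in RFC 7055; the high bit of the type is "critical".
SUBTOKEN = {1: "error", 2: "acceptor name request", 3: "acceptor name response",
            4: "EAP response", 5: "EAP request", 6: "channel bindings",
            0xB: "vendor", 0xC: "flags", 0xD: "initiator MIC", 0xE: "acceptor MIC"}

def tlv(buf, pos=0):  # read one DER TLV -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def oid(der):  # DER OID content bytes -> dotted string
    arcs, val = [der[0] // 40, der[0] % 40], 0
    for b in der[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def decode(token):  # SPNEGO NegTokenResp -> responseToken -> GSS-EAP subtokens
    seq = tlv(tlv(token)[1])[1]  # [1] NegTokenResp, then its SEQUENCE
    fields, pos = {}, 0
    while pos < len(seq):
        tag, val, pos = tlv(seq, pos)
        fields[tag] = tlv(val)[1]  # strip inner ENUMERATED / OCTET STRING header
    body = tlv(fields[0xA2])[1]  # 0x60 framing around mech OID + token
    _, oid_der, p = tlv(body)
    out, p = {"negState": fields[0xA0][0], "mech": oid(oid_der),
              "tok_id": body[p:p + 2].hex(), "subtokens": []}, p + 2
    while p < len(body):
        typ, ln = struct.unpack_from(">II", body, p)
        if p + 8 + ln > len(body):
            raise ValueError("subtoken length exceeds token")
        out["subtokens"].append((SUBTOKEN.get(typ & 0x7FFFFFFF, hex(typ)),
                                 bool(typ >> 31), body[p + 8:p + 8 + ln]))
        p += 8 + ln
    return out
```

On the log's data, the last token sent carries a single EAP request subtoken whose payload 03 08 00 04 is an EAP Success packet (code 3), and the last token received carries the initiator's flags and MIC subtokens. The SIGSEGV therefore follows receipt of the final initiator token, after the EAP exchange itself had succeeded.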