Hi,
El 31/07/11 23:07, Hauke Mehrtens escribió:
> On 07/31/2011 08:49 PM, Cantor, Scott E. wrote:
>> On 7/31/11 2:44 PM, "Cantor, Scott E." <[log in to unmask]> wrote:
>>
>>> On 7/31/11 1:39 PM, "Luke Howard" <[log in to unmask]> wrote:
>>>
>>>>> Is this a good way to do so? Is someone else already working on this?
>>>> I think Roland Hedberg is?
>>> Not authentication. There's no reasonable to incorporate what the OP is
>>> asking to do. You can't expect to use browser-based authentication in
>>> conjunction with Moonshot.
> What does OP mean?
>
> So Moonshot does the authentication directly using FreeRADIUS against
> some database and uses SAML just to provide additional attributes for
> the already authenticated user? When I already have a SAML IdP running,
> I have to install FreeRADIUS, or some other radius Server, with access
> to the user database to do the authentication and the SAML IdP just
> provides the attributes?
>
In http://www.ietf.org/id/draft-perez-abfab-eap-gss-preauth-00.txt
we propose the use of the LIBERTY.idwsf-authn-svc-v2.0 profile to
request an authentication Assertion, and optionally, attribute
assertions, and other solution is to make use of the SAMLv2.0 ECP profile.
In this case, the user authentication is done, as you says, by the
RADIUs/DIAMETER server and the SAML idP is used only to issue those
assertions.
Sorry, we are on holidays here in Murcia and it will be difficult to
follow the conversation.
Best regards, Gabi.
>> (Unless of course the Moonshot client is itself a browser...)
> How does moonshot work for browsers? I is there any documentation for
> that use case?
>
> Hauke
>
> PS: Why does the mailing list cut of the people form CC, it is annoying?
--
----------------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [log in to unmask]
|