Hi Alan,
23 nov 2011 kl. 11:51 skrev Alan Buxey:
>>
>> with help of Roland Hedberg's freeradius_pysaml2 module (not using ECP)
>> for freeradius server we managed to use a Shibboleth IdP to deliver
>> attributes for authorization. But the received SAML assertion is not
>> forwarded from freeradius server back to requesting service (e.g. SSHD).
>
> copy_request_to_tunnel
So what's the interpretation of this attribute?
I've looked around and to me it looks like this is about copying attributes from the outer to the inner tunnel before a freeradius module acts upon the info.
If I'm correct, which is far from certain, this is not what is asked for.
What we need is one of:
1) copy username, from inner to outer tunnel so the python module can listen and reply on the outer tunnel, or
2) keep the python module listening on the inner tunnel and copy the information returned by the module, from the inner to the outer tunnel.
-- Roland
|