Comments (9)
it doesn't need to be Shobboleth-eppn but it should be whatever your SP configuration is setup to return as the eppn. In my environment i don't need the Shiibboleth prefix at all since the SP is configured to return the unique username as the eppn variable.
from django-shibboleth-remoteuser.
I think your answer helps illustrate my point. :) I'm suggesting that since the SP configurations vary, best not to hard-code assumptions like "Shibboleth-eppn" or "eppn". REMOTE_USER will be set to the username as well won't it? So why not just use that?
from django-shibboleth-remoteuser.
Does mod_shib / Apache set REMOTE_USER in this case? I'm guessing it does, but I'm not sure if that would also be the case with an nginx server setup, for example. I'm brand new to Shibboleth, so it is quite possible I'm wrong, just thinking out loud.
from django-shibboleth-remoteuser.
Yes, in Apache I am getting REMOTE_USER. That's an old CGI standard, not specific to Apache. But good point, nginx might require a "proxy_set_header REMOTE_USER $remote_user;". Elsewhere, REMOTE_USER is assumed in Django documentation: https://docs.djangoproject.com/en/1.9/howto/auth-remote-user/
from django-shibboleth-remoteuser.
It comes down to a bit of what FlipperPa writes. Shib does set Remote_User but i am not sure you can say it will always set it or that it is the only possible thing that will set it. Remote_User is part of HTTP, where as eppn is part of the SAML (Security Assertion Markup Language)
from django-shibboleth-remoteuser.
In shibboleth2.xml, I have:
<ApplicationDefaults ... REMOTE_USER="upn"
So that's where I got the idea that the default_shib_attributes configuration is redundant; I've already specified what SAML attribute maps to REMOTE_USER, and I shouldn't have to repeat that configuration again for django-shibboleth-remoteuser.
from django-shibboleth-remoteuser.
If all you care about is username from shibboleth then it is probably ok to do that. I'm not going to argue with you on that point, but normally you get back more than just username so it would be a matter of being consistent.
from django-shibboleth-remoteuser.
I like the idea of switching the default to be "REMOTE_USER" for the username. In the middleware, when we grab the username from the request META, we use self.header, which defaults to REMOTE_USER in django:
username = request.META[self.header]
Of course, we're just talking about the default here - the Shib attributes can be set differently, and the default self.header can be changed also.
Any objections to making this change?
from django-shibboleth-remoteuser.
I was just going to give up, thanks @bcail. Think of this situation: Someone like me has never used Shibboleth/SAML/etc before, has to try to get something up and running for a client. With this change, the default_shib_attributes will "just work" right away, albeit just for one field. Then they can set up their own attributes and add the other fields they need.
from django-shibboleth-remoteuser.
Related Issues (20)
- In Django 1.6.5 get_fields doesn't exists HOT 3
- How is make_profile rewrite working ? HOT 2
- Remove user session instead of setting LOGOUT_SESSION_KEY on logout? HOT 7
- Shibboleth is sending null values when users are connecting which is redirecting to login page HOT 4
- Shibboleth headers not coming back when redirect URL is set HOT 2
- django-shibboleth-remoteuser won't install to virtual environment HOT 2
- Mock Shibboleth Headers HOT 5
- error with Template tags HOT 3
- install old version HOT 1
- Create a new release tag HOT 1
- Incorrect encoding HOT 8
- Problems with Django 2.1 HOT 1
- Stale request HOT 8
- Unknown AssertionConsumerServiceURL Shibboleth.sso/SAML2/POST HOT 2
- Pass request variable to authentication backend HOT 1
- urllib quote library import is incorrect for python 3 HOT 2
- 0.12 release? HOT 1
- Compatible with SP3, server variables? HOT 2
- shibboleth fields with UTF-8 content end up badly encoded via wsgi
- Stop using "url()" in urls.py from Django 4.x compatibility
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-shibboleth-remoteuser.