什么是Shibboleth服务提供商,可以并且应该为Windows Azure MVC3 Web角色安装它吗?
[英]What is Shibboleth Service Provider, can & should I install it for a Windows Azure MVC3 web role?
问题描述
Forgive me I am a Shibboleth / SAML 2 noob. 
原谅我,我是Shibboleth / SAML 2菜鸟。 Hopefully these are straightforward questions. 希望这些是直截了当的问题。
I recently posted asking whether we could do Shib / SAML 2 integration with Azure ACS . 我最近发布了询问我们是否可以与Azure ACS进行Shib / SAML 2集成的问题 。 The answers led me to believe that we could not use ACS, but implement something using the lower-level WIF + SAML2 Extensions CTP libs. 答案让我相信我们不能使用ACS,而是使用较低级别的WIF + SAML2 Extensions CTP库实现某些功能。
On a related matter I called one of our affiliates to ask if they could add our app as a Service Provider using their InCommon Federation membership. 在一个相关的问题上,我打电话给我们的一个关联公司,询问他们是否可以使用他们的InCommon Federation会员资格将我们的应用程序添加为服务提供商。 They asked me if we were going to install the Shibboleth Service Provider on the Azure machine(s) hosting our MVC3 web role. 他们问我是否要在承载MVC3 Web角色的Azure机器上安装Shibboleth Service Provider。
Until they mentioned this, I had no idea there was a Shibboleth Service Provider installer . 在他们提到这一点之前,我不知道有一个Shibboleth服务提供商安装程序 。 I was under the impression, according to everything I've read so far about SAML2, that our mvc3 web role is the service provider. 根据我到目前为止所读到的有关SAML2的所有内容,我的印象是,我们的mvc3 web角色是服务提供商。
So, what is the Shibboleth Service Provider? 那么,什么是Shibboleth服务提供商? What does it do? 它有什么作用? What value would be added by installing it on our Azure instances? 通过在Azure实例上安装它会增加什么价值? Do I have to have it in order to SSO against Shibboleth? 我是否必须拥有它才能对抗Shibboleth的SSO? or can we just do pure saml2? 或者我们可以做纯saml2?
My preference is to not install it, since it would have to be installed on each role instance, making deployment take longer. 我的偏好是不安装它,因为它必须安装在每个角色实例上,从而使部署时间更长。
1 个解决方案
解决方案1
2 已采纳 2012-01-11 18:21:37
There is some information on using Shibboleth 2 for SSO in front of your web application in this question: In order to implement SAML do I need Shibboleth SP installed on my host? 在此问题中,有一些关于在Web应用程序前使用Shibboleth 2进行SSO的信息: 为了实现SAML,我是否需要在主机上安装Shibboleth SP? ; ; the answer is linux/Java-centric. 答案是以linux / Java为中心。
The Shibboleth SP is a product that you can use in front of your existing web application, or even just in front of a particular SSO-login URL that you can add to your existing web application. Shibboleth SP是一种产品,您可以在现有Web应用程序之前使用,甚至可以在可以添加到现有Web应用程序的特定SSO登录URL之前使用。 If your application already has a notion of users, then you can simply figure out how you will map the Identity Provider's user attributes to your application users. 如果您的应用程序已经具有用户概念,那么您可以简单地弄清楚如何将Identity Provider的用户属性映射到应用程序用户。 You and your affiliated company need to come up with what you want to do to map identities from the Identity Provider to identities on your application. 您和您的关联公司需要提出您想要做的事情,以将身份提供商的身份映射到您的应用程序上的身份。 You might have some shared data, or you might be required to set up that data when the the user first uses SSO. 您可能有一些共享数据,或者在用户首次使用SSO时可能需要设置该数据。
The value that Shibboleth SP provides is that it is a product that implements all of the SAML 2.0 interactions you are likely to need. Shibboleth SP提供的价值在于它是一个实现您可能需要的所有SAML 2.0交互的产品。 It's easy to configure SAML 2.0 Web-SSO with Shibboleth and have the Shibboleth module add variables to the HTTP requests that contain all of the Attributes in the SAML 2 Assertions that the Identity Provider will be sending you. 使用Shibboleth轻松配置SAML 2.0 Web-SSO并让Shibboleth模块向HTTP请求添加变量,这些变量包含身份提供程序将向您发送的SAML 2断言中的所有属性。
If You can do all of that with Azure ACS, then there's no need to install Shibboleth. 如果您可以使用Azure ACS完成所有这些操作,则无需安装Shibboleth。 My limited understanding is that Azure ACS may already support SAML 2.0 Web SSO: http://saml.xml.org/news/windows-azure-gains-single-sign-on-support 我的理解有限,Azure ACS可能已经支持SAML 2.0 Web SSO: http : //saml.xml.org/news/windows-azure-gains-single-sign-on-support
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.