Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Shibboleth and WebAuth

Russ Allbery eagle at
Wed Jul 6 14:38:33 PDT 2011

Bram Cymet <bcymet at> writes:

> I am attempting to set up Shibboleth in front of webauth and I am not
> exactly sure how to do it.

Are you sure that you mean to do things that way around, or do you mean
that you're setting up WebAuth to use as an authentication mechanism for a
Shibbleth IdP?

The latter is the common integration.  For that, you would just protect
the Shibboleth IdP login page with WebAuth and then configure Shibboleth
to use Apache authentication (via REMOTE_USER) to determine the
authenticated user.  There are recipes for how to do that in the
Shibboleth installation instructions.

> I am assuming that I use Shibboleth and an idP and then webauth is used
> as a relaying party to do the authentication. I am just not exactly sure
> how to set that up. Are there any example configuration files out there?

I think you're going down the wrong route.  WebAuth itself doesn't speak
SAML, and therefore can't be a participant in the Shibboleth SAML network
protocol.  (I'm not completely sure on what a relaying party is in the
Shibboleth context, though, so I may be partly misunderstanding what
you're saying.  Every one of these systems uses its own different,
confusing terminlogy.)

Russ Allbery <eagle at>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University

More information about the webauth-info mailing list