./security/cy2-saml, Crude SAML assertion validator for bridging WebSSO and SASL

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4nb3, Package name: cy2-saml-1.4nb3, Maintainer: manu

SASL is a method for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.

This package contains a SASL plugin that perform a crude check on a SAML
authentication assertion. The assertion signature and date are verified,
and access is granted on behalf ot the user taked for a onfigurable
attribute.

The only protection against replay attacks is the assertion validity dates
checks, this authentication is therefore secure only if the SAML
authentication assertion remains secret. The assertion has the same role
as a web cookie used for authentication.

Here is a PHP example of LDAP binding using www/ap2-auth-mellon:
$saml_msg = $_SERVER["MELLON_SAML_RESPONSE"];
$userid = $_SERVER["REMOTE_USER"];
if (ldap_sasl_bind($ds, NULL, $saml_msg, "SAML",
NULL, $userid, NULL, "none") == FALSE) {
printf("ldap_sasl_bind() failed: %s", ldap_error($ds));
exit;
}


Required to run:
[textproc/libxml2] [security/cyrus-sasl] [security/lasso]

Master sites:

SHA1: e6da912439f22970ebd3cab781a61195099c1656
RMD160: 0d9b057b01806e0fae0fb67cd5df6dde8411a0e0
Filesize: 286.214 KB

Version history: (Expand)


CVS history: (Expand)


   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2014-01-01 12:52:43 by Thomas Klausner | Files touched by this commit (776)
Log message:
Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.
   2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2012-09-15 12:07:21 by OBATA Akio | Files touched by this commit (1789) | Package updated
Log message:
recursive bump from libffi shlib major bump
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
   2012-06-14 09:45:42 by Steven Drake | Files touched by this commit (1202)
Log message:
Recursive PKGREVISION bump for libxml2 buildlink addition.
   2012-03-03 01:14:27 by Thomas Klausner | Files touched by this commit (1657)
Log message:
Recursive bump for pcre-8.30* (shlib major change)
   2012-02-06 13:42:32 by Thomas Klausner | Files touched by this commit (1812) | Package updated
Log message:
Revbump for
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)

Enjoy.