Liberty Alliance / SAML 2 Authentication Plugin for PAS 0.2-Unreleased-SVN (Beta release) (Nov 29, 2006)
This is not a final release. Experimental releases should only be used for testing and development. Do not use these on production sites, and make sure you have proper backups before installing.
A Liberty authentication plugin for the Zope / Plone Pluggable Authentication Service (PAS). This plug-in has been developed to integrate Plone into an e-Learning SOA for the European project GEARS.
For additional information about this project, please visit the overview page.
Release Notes
| Tested with | Plone 2.5.1, Plone 2.5 |
|---|---|
| State | Beta release |
| License | GPL |
This plug-in relies on the Lasso library.
It has been tested in the European project GEARS (http://gears.euproject.org/), and the resulting services / identity federation was demonstrated at the ePortfolio plugfest associated with the 4th International ePortfolio Conference in Oxford in October 2006 (http://www.eife-l.org/news/ep2006).
This release has been tested with Plone 2.5.1 and Zope 2.8.6.
INSTALL:
Adding a liberty plugin instance to a Plone site.
Requirements:
-------------
- lasso >= 0.6.3.
- openssl package (with the openssl command).
Installing the plugin:
----------------------
- Copy the LibertyAuthPlugin directory to the Zope Products directory.
- Copy the SOAPSupport product from the LibertyAuthPlugin directory to the Zope Products directory as well. The original SOAPSupport product does not let the Python scripts installed by LibertyAuthPlugin read the XML body of an HTTP request; this modified version fixes that by adding code to its HTTPRequest.py file. HTTPRequest.py.orig is the unmodified version, so a diff of the two files shows exactly what was changed and is worth reviewing before deployment.
- Start Zope.
Adding an instance of the plugin:
---------------------------------
- First, add a Plone Site instance in the root folder.
- In the Plone portal instance, go to the acl_users object; in the add-type dropdown (the one showing "Challenge Protocol Chooser Plugin"), choose LibertyAuthPlugin and click the Add button.
- Give an id.
- Leave Provider Role set to "Service Provider".
- Give an organisation name.
- Click the Create button.
Adding a remote Identity Provider:
----------------------------------
- From the acl_users object of the portal instance, choose the liberty plugin object you created above.
- Click the "Remote Providers" option on the panel.
- In the "Add a new remote provider" subsection:
  - Choose "Identity Provider" from the Role selection.
  - Choose a unique name for the IdP.
  - Browse to and select the Identity Provider metadata file.
  - Browse to and select the Identity Provider public key file.
- These two files define which IdP the portal will trust, so obtain them directly from the IdP operator over a trusted channel rather than from an unauthenticated download.
Configuring the liberty plugin functions:
-----------------------------------------
- From the portal object's acl_users, select the liberty plugin object.
- Select Authentication and activate your plugin; move it to the first position if necessary.
- Select Challenge and activate your plugin; move it to the first position if necessary.
- Select Extraction and activate your plugin; move it to the first position if necessary.
Configuring the metadata file publication:
------------------------------------------
- Each Liberty plugin instance is stored in its own directory under $(ZOPE_PRODUCT)/LibertyAuthPlugin/liberty. For example, a LibertyAuthPlugin instance named "myplugin" has its metadata and keys stored in $(ZOPE_PRODUCT)/LibertyAuthPlugin/liberty/myplugin.
- From the portal object, go to the "liberty" directory object and add a File object containing the plugin's metadata. Following the previous example, the metadata file would be $(ZOPE_PRODUCT)/LibertyAuthPlugin/liberty/myplugin/metadata.xml. Publish only metadata.xml: the key files kept in the same directory must never be added as File objects, since a File object in the portal is served to the web.
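Because the instance directory holds the key material next to metadata.xml, it is worth checking what you are about to publish. The script below is an added example and not part of LibertyAuthPlugin: it assumes the metadata is SAML 2.0 metadata and that the keys are PEM files (the plugin documentation states neither), and the directory it builds for the demonstration (file names, toy metadata, fake keys, portal URL) is constructed. It classifies each file as publishable or not and warns when a metadata endpoint points outside the portal URL, which would indicate the metadata was generated with the wrong base URL.

```python
"""Sanity-check a LibertyAuthPlugin instance directory before publishing.

Added example, not part of LibertyAuthPlugin. Assumptions (not stated by
the plugin docs): metadata.xml is SAML 2.0 metadata and the keys stored
beside it are PEM files. Only the metadata may be published as a File
object; anything carrying a PEM private-key block must stay on disk.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

SAML2_MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Matches any PEM private-key header (PKCS#1 RSA, PKCS#8, EC, DSA, ...).
PRIVATE_KEY_HEADER = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def contains_private_key(data: bytes) -> bool:
    return PRIVATE_KEY_HEADER.search(data) is not None


def metadata_summary(xml_bytes: bytes) -> dict:
    """Extract what a peer will learn from the published metadata."""
    root = ET.fromstring(xml_bytes)
    if root.tag != SAML2_MD + "EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor: %s" % root.tag)
    endpoints = sorted(
        {el.get("Location") for el in root.iter() if el.get("Location")}
    )
    return {"entity_id": root.get("entityID"), "endpoints": endpoints}


def check_instance_dir(path: str, portal_url: str) -> dict:
    """Classify every file in the instance directory.

    Returns which files are safe to publish, which must never leave the
    server, and warnings about endpoints that do not belong to this portal.
    """
    report = {"publish": [], "never_publish": [], "warnings": []}
    base = portal_url.rstrip("/") + "/"
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), "rb") as fh:
            data = fh.read()
        if contains_private_key(data):
            report["never_publish"].append(name)
            continue
        if name == "metadata.xml":
            for url in metadata_summary(data)["endpoints"]:
                if not url.startswith(base):
                    report["warnings"].append(
                        "endpoint %s is outside %s" % (url, portal_url))
            report["publish"].append(name)
        else:
            # Public keys / certificates are harmless but peers get what
            # they need from the metadata; leave everything else out.
            report["warnings"].append("%s is not metadata; not publishing" % name)
    return report


def build_sample_dir() -> str:
    """Write a constructed instance directory (fake keys, toy metadata)."""
    d = tempfile.mkdtemp(prefix="liberty-myplugin-")
    metadata = (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'entityID="https://portal.example.org/liberty/myplugin/metadata.xml">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        'Location="https://portal.example.org/liberty/singleLogout"/>'
        # Constructed mistake: an endpoint left pointing at a dev host.
        '<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        'Location="http://localhost:8080/plone/liberty/assertionConsumer" index="0"/>'
        "</md:SPSSODescriptor></md:EntityDescriptor>"
    )
    files = {
        "metadata.xml": metadata.encode("utf-8"),
        "private-key.pem": b"-----BEGIN RSA PRIVATE KEY-----\nFAKE\n-----END RSA PRIVATE KEY-----\n",
        "public-key.pem": b"-----BEGIN PUBLIC KEY-----\nFAKE\n-----END PUBLIC KEY-----\n",
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    print(check_instance_dir(build_sample_dir(), "https://portal.example.org"))
```

Run it against the real instance directory with the portal's public URL before adding the File object; an entry under never_publish or an endpoint warning means the directory is not ready to be exposed.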
Configuring Plone portal user actions:
--------------------------------------
- From the portal object, choose the "portal_registration" object and add the following actions:
  - 'singleLogout' action:
    - title: "Sign out"
    - id: "sign_out"
    - url (expression): "string:${portal_url}/liberty/singleLogout"
    - condition: "python:request.SESSION.get('sessionDump') is not None and member"
    - permission: "(none)"
    - category: "user"
    - visible: x
  - 'signOn' action:
    - title: "Sign on"
    - id: "sign_on"
    - url (expression): "string:${portal_url}/liberty/signOn"
    - condition: "not:member"
    - permission: "(none)"
    - category: "user"
    - visible: x
Adding a user token entry for a user:
-------------------------------------
- From the portal instance, go to acl_users and select the liberty plugin.
- Choose "Liberty Provider" from the panel options.
- In the "User Tokens" section, choose a user id from the selection and click the "Add" button.
- The user can now sign on and federate by supplying the user token when asked. Presenting the token is what links the remote identity to that Plone user, so hand it to the user out of band and treat it as a credential.
LibertyAuthPlugin is copyrighted by Entr'ouvert and is licensed through the GNU General Public Licence.
Change log
SLO initiated from the SP now uses the HTTP-Redirect binding ("REDIRECT mode").
This resolves an issue with SingleLogout support; both SOAP and HTTP (Redirect) Logout requests are now supported.
This release has been tested on a Debian server using the Python 2.3 version of the Lasso library bindings from Entr'ouvert.
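The change log entry above says SP-initiated single logout now travels over the redirect binding. The round trip below is an added example and not code from LibertyAuthPlugin or Lasso: it builds a SAML 2.0 LogoutRequest, encodes it the way the HTTP-Redirect binding specifies (raw DEFLATE, base64, URL-encoded as the SAMLRequest query parameter), and on the receiving side decodes it and applies the checks a relying party should make before tearing down a session (message type, known Issuer, Destination matching the endpoint, NotOnOrAfter not passed). Provider IDs, URLs, the NameID and the fixed clock are constructed. Signing and signature verification are left out; in practice a LogoutRequest that is not signed or otherwise authenticated must not be honoured.

```python
"""SAML 2.0 HTTP-Redirect binding round trip for a LogoutRequest.

Added example, not code from LibertyAuthPlugin or Lasso. The encoding
follows the SAML 2.0 Bindings specification (raw DEFLATE, base64,
URL-encoded in the SAMLRequest query parameter). Provider IDs, URLs,
NameID and the fixed clock are constructed for the demonstration.
Signing and signature verification are not modelled.
"""
import base64
import secrets
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed identifiers for the two sides of the exchange.
SP_ID = "https://portal.example.org/liberty/myplugin/metadata.xml"
IDP_SLO = "https://idp.example.net/slo"
DEMO_NOW = datetime(2006, 11, 29, 12, 0, tzinfo=timezone.utc)


def build_logout_request(issuer, name_id, session_index, destination, now):
    """SP side: the LogoutRequest XML that starts SP-initiated SLO."""
    return (
        '<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="%s" '
        'Version="2.0" IssueInstant="%s" Destination="%s" NotOnOrAfter="%s">'
        "<saml:Issuer>%s</saml:Issuer><saml:NameID>%s</saml:NameID>"
        "<samlp:SessionIndex>%s</samlp:SessionIndex></samlp:LogoutRequest>"
    ) % (SAMLP, SAML, "_" + secrets.token_hex(16), now.strftime(TIME_FMT),
         destination, (now + timedelta(minutes=5)).strftime(TIME_FMT),
         issuer, name_id, session_index)


def redirect_url(endpoint, xml, relay_state=None):
    """Encode the message for the HTTP-Redirect binding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return endpoint + "?" + urlencode(params)


def decode_logout_request(url, known_issuers, expected_destination, now):
    """Receiving side: decode and check before terminating any session."""
    query = parse_qs(urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        raise ValueError("not a LogoutRequest: %s" % root.tag)
    issuer = root.findtext("{%s}Issuer" % SAML)
    if issuer not in known_issuers:
        raise ValueError("unknown issuer %r" % issuer)
    if root.get("Destination") != expected_destination:
        raise ValueError("Destination %r is not this endpoint" % root.get("Destination"))
    not_on_or_after = root.get("NotOnOrAfter")
    if not_on_or_after is not None:
        limit = datetime.strptime(not_on_or_after, TIME_FMT).replace(tzinfo=timezone.utc)
        if now >= limit:
            raise ValueError("request expired at %s" % not_on_or_after)
    return {
        "id": root.get("ID"),
        "issuer": issuer,
        "name_id": root.findtext("{%s}NameID" % SAML),
        "session_index": root.findtext("{%s}SessionIndex" % SAMLP),
        "relay_state": query.get("RelayState", [None])[0],
    }


def is_accepted(url, known_issuers, expected_destination, now):
    """True if the request passes every check in decode_logout_request."""
    try:
        decode_logout_request(url, known_issuers, expected_destination, now)
        return True
    except (ValueError, KeyError):
        return False


def demo():
    """Full round trip with the constructed SP and IdP identifiers."""
    xml = build_logout_request(SP_ID, "user@example.org", "sess-42", IDP_SLO, DEMO_NOW)
    url = redirect_url(IDP_SLO, xml, relay_state="/plone")
    return url, decode_logout_request(url, {SP_ID}, IDP_SLO, DEMO_NOW)


if __name__ == "__main__":
    url, parsed = demo()
    print(url)
    print(parsed)
```

The checks are ordered so that the cheapest rejections (wrong message type, unknown Issuer) happen before any session state is consulted; a request whose Destination names another endpoint, or whose NotOnOrAfter has passed, is rejected rather than replayed.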