[squid-users] Authentication of non-standard methods

From: Trever L. Adams <trever.adams_at_gmail.com>
Date: Tue, 11 Dec 2012 15:33:45 -0700

Hello Everyone,

I am looking at Shibboleth. I have seen one example
(http://www.switch.ch/aai/support/presentations/opcom-201105/AAI-OpCom-AAI_for_mandatory_authentication_and_proxy_usage.pdf)
for using it with Squid. I am afraid it makes no sense to me.

I am afraid I do not know much about Shibboleth yet. It has three
components for authentication, user, password, domain. It has to use
redirects, etc.

I see an easy way for this to work, but need help figuring it out.

If a user isn't authenticated, I need to send them to a URL.

How do I know if a user is authenticated? Well, it seems that this is
going to have to be passing the requesting client's IP address to a
program and get the response back if they are authenticated or not. It
would be nice if I could pass a user name, but I am not sure how to do
this as this would require interaction with the browser and this should
be SSO.

So, is it possible to do an auth_param to a special program that just
looks at the IP address? Have it return yes/no for if it is an
authenticated session?

If no, then do a url_rewrite_access (I am assuming this is correct)?

Finally, is it possible to have multiple authentication algorithms? Some
of the users will be local and be able to do krb5/spnego. So, if at all
possible, I would like to have the option of trying krb5, then spnego,
then Shibboleth.

Thank you for any help,
Trever

Received on Tue Dec 11 2012 - 22:33:56 MST
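
Added example (not part of the original message, and not Squid project code): the "pass the client's IP address to a program and get yes/no back" idea from the post, written as a helper for Squid's external_acl_type interface, which is a different mechanism from the auth_param the post asks about. The session table, helper path and login URL are constructed placeholders; how a Shibboleth login would populate the table is assumed and not shown.

```python
#!/usr/bin/env python3
# Assumed squid.conf wiring (helper path and login URL are hypothetical):
#   external_acl_type ip_session ttl=60 negative_ttl=5 %SRC /usr/local/bin/ip_session.py
#   acl has_session external ip_session
#   deny_info http://login.example.org/ has_session
#   http_access deny !has_session
# An IP-keyed session covers every user behind that address (NAT, shared hosts).
import ipaddress
import sys
import time

# Constructed sample table: client IP -> (user, expiry in epoch seconds).
# In a real deployment the login page would write these entries.
SESSIONS = {
    "192.0.2.10": ("alice", 4102444800),  # constructed: expires 2100-01-01
    "192.0.2.11": ("bob", 1355265225),    # constructed: already expired
}


def check(line, sessions=SESSIONS, now=None):
    """Return the helper reply for one request line whose first field is %SRC."""
    now = time.time() if now is None else now
    fields = line.split()
    if not fields:
        return "ERR"
    try:
        ip = str(ipaddress.ip_address(fields[0]))  # normalise, reject garbage
    except ValueError:
        return "ERR"
    entry = sessions.get(ip)
    if entry is None or entry[1] <= now:
        return "ERR"              # no session or expired session: fail closed
    return "OK user=" + entry[0]  # user= gives Squid a name for its logs


def main():
    # Squid writes one request per line and waits for one reply per line.
    for line in sys.stdin:
        sys.stdout.write(check(line) + "\n")
        sys.stdout.flush()        # an unflushed reply stalls the request


if __name__ == "__main__":
    main()
```

A short negative_ttl keeps Squid from caching an ERR for long after the user has completed the login redirect.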
