Shibboleth Naitive SP support for the Spring Security grails plugin.

  • Tags: /
  • Latest: 1.0.3
  • Last Updated: 01 February 2012
  • Grails version: 1.3.0 > *
  • Authors: Aaron J. Zirbes
1 vote
Dependency:
compile ":spring-security-shibboleth-native-sp:1.0.3"
Custom repositories:
mavenRepo "http://repository.springsource.com/maven/bundles/release/"
mavenRepo "http://repository.springsource.com/maven/bundles/external/"

 Documentation  Source  Issues

Summary

Shibboleth Naitive SP support for the Spring Security grails plugin.

Installation

Add the following to your grails-app/conf/BuildConfig
…
plugins {
…
    compile ":spring-security-shibboleth-native-sp:1.0.1"
…
}

or run

grails install-plugin spring-security-shibboleth-native-sp

Description

The official docs are here: http://aaronzirbes.github.com/grails-spring-security-shibboleth-native-sp/

Source code is here: https://github.com/aaronzirbes/grails-spring-security-shibboleth-native-sp

Report issues here: https://github.com/aaronzirbes/grails-spring-security-shibboleth-native-sp/issues

The Shibboleth Native SP adds support for attributes exposed by a Native Shibboleth SP through Apache on up to the Java servlet container. This plugin doesn't implement the Shibboleth SP inside the java container, but uses the recommeneded Native SP provided as a server daemon and an apache module. The ensures that security vulnarabilities specific to the SP are updated in a timely fashion. This plugin let's the shibd daemon, Apache, and Tomcat do most of the heavy lifting. By the time the http request gets to the application, the only thing this plug-in does is look for the exposed attributes expected from a Shibboleth Native SP implementation and validate that they are what was expected.

Because of the nature of the Shibboleth Native SP, this plugin will only work when deployed to a shibboleth-aware servlet container. The side effect of this is that authentication via shibboleth is not available when running through the grails command line. You can only effectively use this plugin when it is deployed as a WAR to your production or staging server. To help you run your application in development mode, the spring-security-mock plugin is recommended.