User:Msalle@nikhef.nl
From PDP/Grid Wiki
Revision as of 12:45, 6 October 2009 by Msalle@nikhef.nl (talk | contribs)
Projects:
nl.nikhef.slcshttps
Method
Method used by the IMDI browser to obtain a certificate, see image below
User point of view (mostly):
- User clicks/chooses the initialization option
- The Java browser starts a web browser
  - which points to the online CA at SURFnet
- The online CA redirects the web browser to the WAYF (Where Are You From) server, where the user chooses his Identity Provider (IdP)
- User logs in at the IdP
- The web browser is redirected back to the online CA. User closes the web browser.
- After confirmation by the user, the Java browser itself now connects to the online CA
- The Java browser retrieves the certificate from the online CA
Technical overview:
- Initialization procedure:
  - The Java browser creates a key pair
  - The Java browser creates a certificate signing request (CSR)
  - The Java browser starts a web browser
    - the URL is the online CA + a hash of the CSR
- The online CA redirects the browser to the IdP via a WAYF (Where Are You From). This is the standard Shibboleth trajectory.
- User logs in and the web browser sends the user back to the online CA. The URL is now rewritten using Shibboleth.
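The initialization steps above, as an added Java sketch that is not taken from the nl.nikhef.slcshttps sources: the private key and the CSR stay in the Java process, and only a digest of the CSR travels through the web browser. The page does not specify the hash algorithm, the URL layout or the subject name, so SHA-256 in hex, the `csrhash` parameter, the `online-ca.example.org` endpoint and `CN=placeholder` are assumptions; the CSR is built with the current BouncyCastle `bcpkix` API.

```java
import java.net.URLEncoder;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class SlcsInitExample {
    // Hypothetical endpoint and parameter name; the real online CA URL is not on the page.
    static final String CA_URL = "https://online-ca.example.org/slcs/init";
    static final String HASH_PARAM = "csrhash";

    /** Step 1: the key pair is created locally; the private key never leaves this process. */
    static KeyPair newKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    /** Step 2: a PKCS#10 CSR, signed with the private key as proof of possession. */
    static byte[] newCsrDer(KeyPair kp) throws Exception {
        // Placeholder subject (assumption): an online CA normally sets the DN from IdP attributes.
        X500Principal subject = new X500Principal("CN=placeholder");
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        PKCS10CertificationRequest csr =
                new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic()).build(signer);
        return csr.getEncoded();
    }

    /** Step 3: the URL handed to the web browser carries only a digest of the CSR. */
    static String browserUrl(byte[] csrDer) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(csrDer); // algorithm is an assumption
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return CA_URL + "?" + HASH_PARAM + "=" + URLEncoder.encode(hex.toString(), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = newKeyPair();
        byte[] csrDer = newCsrDer(kp);
        // Keep kp and csrDer in memory: after the user has logged in, the Java
        // client itself connects to the online CA to retrieve the certificate.
        System.out.println(browserUrl(csrDer));
    }
}
```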
Files:
- full zip-archive (Full zip including jar file, build, and javadoc)
- zip-archive (Zip including only sources, run ant to get the rest)
- JDK1.5 jarfile
- Javadoc API
- SVN repository with source
Talks:
Note that you also need the BouncyCastle provider. Direct link to the JDK1.5 jarfile
gLite security
See e.g. Nikhef Site Access Control pages