Skip to Content.
Sympa Menu

inc-librsvcs - Re: [inc-librsvcs] Authentication plus authorization in EZproxy

Subject: InCommon Library Services

List archive

Re: [inc-librsvcs] Authentication plus authorization in EZproxy


Chronological Thread 
  • From:
  • To: "Paul B. Hill" <>, David Kennedy <>
  • Cc: Rich Wenger <>, inc-librsvcs <>
  • Subject: Re: [inc-librsvcs] Authentication plus authorization in EZproxy
  • Date: Fri, 3 Apr 2009 09:24:58 -0400
At 6:47 PM -0400 4/2/09, Paul B. Hill wrote:
EZproxy, as a Shibboleth service provider, can consume user attributes that are supplied by the identity provider. And it can use those user attributes to assign users (or user sessions) to ezproxy "Groups".

In our case the authorization management cannot be determined directly via the attributes released by the identity provider. As I understand the current MIT EZproxy deployment, once the authentication has been done Rich's system calls a SOAP web service to retrieve the authorization information for the user.


Could a custom dataconnector in the IdP retrieve this info from the ROLES DB, and then send it along as an attribute?

I believe the IdP (perhaps only the version in subversion, and about to be released?) contains a SOAP client.

Archive powered by MHonArc 2.6.16.

Top of Page