Communication Protocol used by SP with TCPListener-enabled


Communication Protocol used by SP with TCPListener-enabled

César Bernardini
Hi!

I have been testing Shibboleth in the last couple of days. I have set up a Service Provider with a TCP Listener. I want to know if there exists documentation regarding the communication between the TCP Listener and a client.

According to what I understood of the protocol, you are making use of WDDX for client exchange [https://en.wikipedia.org/wiki/WDDX]. But I am not sure exactly what the specifications of the communication are (i.e. message order, typical commands accepted).

Is there any RFC-like document out there? Or am I forced to go over the source code in order to understand this protocol?
Is there any example in the source code that already interacts with this TCP daemon?

Thanks in advance,
Cesar Bernardini
________________________________
Barracuda Networks AG
Vorsitzender des Aufsichtsrates/ Chairman of the supervisory board: Dr. Klaus Perktold
Vorstand/ Executive Board: Dr. Wieland Alge, Mag. Guenter Klausner
Sitz der Gesellschaft/ Registered office: 6020 Innsbruck, Austria
Handelsgericht Innsbruck Firmenbuch/ Registration Number: 184392s
UID-Nr/ VAT Number: ATU47509003

Zweigniederlassung Deutschland/ Office Germany: Radlkoferstr. 2, 81373 München
Handelsregister München / Registration Number: HRB 171749
UID-Nr/ VAT Number: DE237607533

===========================================================
Learn how to protect users, data, and applications with security engineered for the public cloud by Barracuda. http://barracuda.com

DISCLAIMER:
This e-mail and any attachments to it contain confidential and proprietary material of Barracuda, its affiliates or agents, and is solely for the use of the intended recipient. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed.
===========================================================
--
To unsubscribe from this list send an email to [hidden email]

Re: Communication Protocol used by SP with TCPListener-enabled

Cantor, Scott E.
On 1/10/18, 10:16 AM, "dev on behalf of César Bernardini" <[hidden email] on behalf of [hidden email]> wrote:

>  I have been testing Shibboleth in the last couple of days. I have set up a Service Provider with a TCP Listener. I want to
> know if there exists documentation regarding the communication between the TCP Listener and a client.

No, it's not a public interface and is not callable under any circumstances. It's an internal implementation detail of the code and subject to change at any time.

>  Is there any RFC-like document over there? Or I am forced to go over the source code in order to understand this
> protocol?

You're not forced to do anything, but it's undocumented and will remain so. If you're asking from the perspective of design documentation, that's simply not something that exists, as it does not in 99% of open source projects.

-- Scott



Re: Communication Protocol used by SP with TCPListener-enabled

César Bernardini
Hi Scott,

Thanks a lot for your answer. Sorry for using the word "forced". I am not intending to criticize, just trying to understand what has been done and why :)

Could you please tell me what is the point of these listeners? What are they used for? Are they for debugging?

Best regards,

Re: Communication Protocol used by SP with TCPListener-enabled

Cantor, Scott E.
On 1/10/18, 10:38 AM, "dev on behalf of César Bernardini" <[hidden email] on behalf of [hidden email]> wrote:

> Could you please tell me what is the point of these listeners? What are they used for in? Are they for debugging?

The entire implementation is in shibd. mod_shib is just a layer in Apache that calls into shibd to do all the real work. All of the session layer is managed in a separate process because Apache is multi-process and storing sessions on the filesystem is not, in my experience, robust or reliable.

-- Scott



Re: Communication Protocol used by SP with TCPListener-enabled

César Bernardini
Ok, thanks

So, it means that shibd is managing all the functionality of the Shibboleth service provider. mod_shib is only interacting with HTTP/S requests, and whenever mod_shib needs to set RelayState, check signatures or decrypt information, it will call shibd for the functionality.

To make these system calls, there seem to be three possibilities:
* TCP socket listener [not recommended to be used]
* Unix socket listener [recommended? I assume not]
* Some Apache inter-process communication

For example, if I am unidentified and I access the SP, the SP will request via mod_shib who I am, and shibd will create an id, request the identity provider name configured in the metadata and eventually create the relay token.

I insist with one of the previous questions: is there any example that uses the TCP Socket Listener? Unix Socket Listener?

Thanks a lot!


Re: Communication Protocol used by SP with TCPListener-enabled

Cantor, Scott E.
On 1/10/18, 11:13 AM, "dev on behalf of César Bernardini" <[hidden email] on behalf of [hidden email]> wrote:

>  To make these system calls, there seem to be three possibilities:
> * TCP socket listener [not recommended to be used]
> * Unix socket listener [recommended? I assume not]

I don't know where you're getting your information, but those are the two default plugins (on Windows and everywhere else). They're hardly "not recommended" since they're the only possibilities.

> For example, if I am unidentified and I access to the SP. The SP will request via mod_shib who I am and shibd will create
> an id, request the identity provider name configured in the metadata and eventually creating the relay token.

That is generally semi-inaccurate, but I have no bandwidth to spend to cover how the SP works. Logically speaking it's an Apache module the same as many others and that's all that matters, it just happens to have a separate process that has to be running. The rest is beyond the scope of user documentation.

> I insist with one of the previous questions: is there any example that uses the TCP Socket Listener? Unix Socket Listener?

All of the SP relies on the remoting code. The listeners are an implementation detail of that code and are interchangeable to the SP. There are no examples other than the source code.

-- Scott


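Scott's replies establish two things a practitioner wants to act on: the listener is the internal, undocumented channel through which mod_shib drives all of shibd's real work (including the session layer), and the TCP and Unix socket listeners are the only two plugins. The check that follows from that is simply whether the TCP listener is reachable from anywhere other than the local host. The script below is an added example, not Shibboleth project code. It assumes the `<TCPListener>` element carries `address`, `port` and a whitespace-separated `acl` attribute and `<UnixListener>` an `address`, as in the stock shibboleth2.xml; the fallback defaults it uses (127.0.0.1, port 1600, acl 127.0.0.1) and the three sample configurations are constructed for illustration and should be checked against the SP version actually deployed.

```python
"""Audit the shibd listener settings in a shibboleth2.xml.

Added example, not Shibboleth project code. Assumed attribute names:
TCPListener address/port/acl, UnixListener address. The defaults used
when an attribute is absent are assumptions, not read from the SP.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs (SP 3.x namespace; the parser ignores the
# namespace so SP 2.x files are handled the same way).
WEAK_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <TCPListener address="0.0.0.0" port="1600" acl="127.0.0.1 10.1.2.3"/>
</SPConfig>"""

SAFE_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
</SPConfig>"""

UNIX_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <UnixListener address="shibd.sock"/>
</SPConfig>"""


def _local_name(tag):
    """Strip the XML namespace so element matching works for any SP version."""
    return tag.rsplit("}", 1)[-1]


def _is_loopback(addr):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # Hostnames or interface names: cannot prove they are local, treat as not
        return False


def audit_listeners(xml_text):
    """Return a list of (severity, message) findings for the listener elements."""
    root = ET.fromstring(xml_text)
    findings = []
    tcp = [e for e in root.iter() if _local_name(e.tag) == "TCPListener"]
    unix = [e for e in root.iter() if _local_name(e.tag) == "UnixListener"]

    if not tcp and not unix:
        findings.append(("info", "no explicit listener element; shibd uses its platform default"))

    for e in tcp:
        address = e.get("address", "127.0.0.1")   # assumed default
        port = e.get("port", "1600")              # assumed default
        acl = e.get("acl", "127.0.0.1").split()   # assumed default, space-separated
        if not _is_loopback(address):
            findings.append(("high", f"TCPListener bound to {address}:{port}, reachable off-host"))
        off_host = [a for a in acl if not _is_loopback(a)]
        if off_host:
            findings.append(("medium", f"TCPListener acl admits non-loopback peers: {' '.join(off_host)}"))
        if _is_loopback(address) and not off_host:
            findings.append(("ok", f"TCPListener confined to loopback {address}:{port}"))

    for e in unix:
        path = e.get("address", "(default)")
        findings.append(("ok", f"UnixListener on {path}; access is scoped by filesystem permissions"))

    return findings


def worst_severity(findings):
    """Collapse findings to the single most serious level for scripting."""
    order = ["ok", "info", "medium", "high"]
    return max((s for s, _ in findings), key=order.index, default="ok")


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("safe", SAFE_CONFIG), ("unix", UNIX_CONFIG)):
        print(name, worst_severity(audit_listeners(cfg)))
        for sev, msg in audit_listeners(cfg):
            print("  ", sev, msg)
```

Run it against a deployed file with `audit_listeners(open("/etc/shibboleth/shibboleth2.xml").read())`. On anything but Windows the Unix socket is the safer of the two plugins because who may talk to shibd is decided by socket file permissions rather than by an IP allow-list, and there is no port to expose by mistake.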