Re: [EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

ekinseyjr
Scott,

Thanks; unfortunately for me, no two of the integrations I've completed so far have been the same, so there's no "usual" for me.  Would you be willing to share a (redacted if necessary) screen-shot of the configuration you used?  That's part of what I've yet to figure out and what I'm trying to get from the vendor.  I think I'm good to go if I can see an example of how the settings look.

Thanks again,
Ernie.


On 7/11/18, 12:44 PM, "Cantor, Scott" <[hidden email]> wrote:

    > Has anyone here had experience integrating a product called “Proofpoint
    > Protection Server” from a company called “Proofpoint Essentials” with
    > Shibboleth, or know someone who has?  I’m trying to get some information
    > to augment what I’ve gotten from the vendor so far; contact with someone
    > who’s already done this would probably fill in the remaining gaps in my
    > knowledge.

    I did it a few weeks ago (assuming it's the same product), during the course of which I verified they had a comment injection vulnerability that they subsequently patched. They don't support encryption and that has continued to be a sign that you're probably 50/50 going to find them vulnerable.

    I haven't done a write up of it. There wasn't anything unusual that I recall, apart from the bug, it was self-service configuration via web interface.

    -- Scott

    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to [hidden email]


________________________________

This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: [EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

Cantor, Scott E.
> Thanks; unfortunately for me, no two of the integrations I've completed so
> far have been the same, so there's no "usual" for me.

I don't know what people are doing that leads them to see things in such different terms, and that I guess is why I'm not very effective at helping. To me they're almost all in about 3-4 categories. This one was in the self-setup, no key, "just give me an email address" bucket.

> Would you be willing
> to share a (redacted if necessary) screen-shot of the configuration you used?

What configuration are we talking about?

Do you mean the application page with the IdP definition? Yes, I can try and track it down when I'm done with some coding.

> That's part of what I've yet to figure out and what I'm trying to get from the
> vendor.  I think I'm good to go if I can see an example of how the settings
> look.

I kind of think you're asking about something else then, because that isn't from the vendor, you have to fill it out as with most cloud apps.

If you're looking for the SAML requirements the vendor actually *has*, due to lack of documentation, that I can go verify, I just don't recall them offhand. But I'm fairly sure it was email address only, which more or less means everything was the usual for that kind of SP, I either pulled in or mocked up some metadata, stuffed in the right NameIDFormat, released the "mail" attribute, and that was about it. The user population we had was very low, just some admins, so the email addresses causing name changes wasn't a big concern.
 
-- Scott

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

ekinseyjr
Scott,

Yes, it's the application page with the IdP definition I'm looking for.  If you can find the time to share that with me, it would be helpful - no big rush.

Thanks,
Ernie.

On 7/11/18, 1:48 PM, "Cantor, Scott" <[hidden email]> wrote:

    > Thanks; unfortunately for me, no two of the integrations I've completed so
    > far have been the same, so there's no "usual" for me.

    I don't know what people are doing that leads them to see things in such different terms, and that I guess is why I'm not very effective at helping. To me they're almost all in about 3-4 categories. This one was in the self-setup, no key, "just give me an email address" bucket.

    > Would you be willing
    > to share a (redacted if necessary) screen-shot of the configuration you used?

    What configuration are we talking about?

    Do you mean the application page with the IdP definition? Yes, I can try and track it down when I'm done with some coding.

    > That's part of what I've yet to figure out and what I'm trying to get from the
    > vendor.  I think I'm good to go if I can see an example of how the settings
    > look.

    I kind of think you're asking about something else then, because that isn't from the vendor, you have to fill it out as with most cloud apps.

    If you're looking for the SAML requirements the vendor actually *has*, due to lack of documentation, that I can go verify, I just don't recall them offhand. But I'm fairly sure it was email address only, which more or less means everything was the usual for that kind of SP, I either pulled in or mocked up some metadata, stuffed in the right NameIDFormat, released the "mail" attribute, and that was about it. The user population we had was very low, just some admins, so the email addresses causing name changes wasn't a big concern.

    -- Scott

    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to [hidden email]



________________________________

This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: [EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

Cantor, Scott E.
> Yes, it's the application page with the IdP definition I'm looking for.  If you can
> find the time to share that with me, it would be helpful - no big rush.

I'll send it off list because it's larger than the list limit.

If there's something on it that you think would have been unclear because we didn't document something, please just respond on list and I'll address it.

-- Scott

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

ekinseyjr
Will do - thanks again.



On 7/11/18, 3:05 PM, "Cantor, Scott" <[hidden email]> wrote:

    > Yes, it's the application page with the IdP definition I'm looking for.  If you can
    > find the time to share that with me, it would be helpful - no big rush.

    I'll send it off list because it's larger than the list limit.

    If there's something on it that you think would have been unclear because we didn't document something, please just respond on list and I'll address it.

    -- Scott

    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to [hidden email]



________________________________

This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]