Shibbolizing Existing Application

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Shibbolizing Existing Application

tadiguy
I have an existing web application that currently interfaces to lighttpd via fcgi responder and does authentication against a local database. I'm trying to shibbolize the application and delegate AuthN/AuthZ to Shib. When I put my custom fcgi responder behind Shibauthorizer and Shibresponder I hit http 403 forbidden as others have reported (lighttpd only wants to serve static pages after the fcgi authorizer - I know there are patches for older versions of lighty, but don't want to patch lighty and can't use any other httpd).

Given the above constraints, what will be a good way to shibbolize my application without making significant changes to my existing fcgi responder? My test setup works OK if I serve static pages and I can see all the shib session variables when I go to https://myhost/Shibboleth.sso/Session.

My fcgi application is started by lighty just like Shibauthorizer and Shibresponder. How can my application use Shib and also get access to the Shib session variables (REMOTE_USER, etc.) after authentication.
Thanks.