Ticket #1100 (new task)

Opened 9 years ago

[S] Modify SSL Client Authn Filter to Parse SAML Assertion Certificate Extension for Attributes

Reported by: pjkersha Owned by: pjkersha
Priority: required Milestone: CMIP5 Security
Component: security Version:
Keywords: security, MyProxy, SSL Authentication Cc:

Description

Certificates issued from ESG MyProxy servers contain a SAML assertion embedded in the extensions section. The Python SSL client authentication middleware should parse this and extract any attributes setting them in the user's session so that they can be pushed to the Policy Enforcement Point whenever an access control decision is needed.

This compliments the attributes provided through the OpenID Attribute Exchange interface.

Note: See TracTickets for help on using tickets.