4500 2006-06-08 15:01 Enhancements to GridShib authentication assertion based query 2008-04-25 21:11:52 1 1 1 Unclassified GridShib GT plugin 0.4.1 All All RESOLVED FIXED P3 normal --- 1 kettimut@mcs.anl.gov kettimut@mcs.anl.gov gridshib-dev@globus.org rohder@mcs.anl.gov tfreeman@mcs.anl.gov trscavo@gmail.com vwelch@uiuc.edu kettimut@mcs.anl.gov 2006-06-08 15:01:42 Enhance SAML Authn PIP so that when it finds SAML Assertion in Proxy Cert, it does the following validation: o Proxy cert must be a level 1 proxy cert (i.e. it's issuer is a EEC) o SAML Issuer must equal X509 Proxy Issuer o X509 Proxy Issuer (i.e. DN of EEC) must be on list of trusted SAML authentication authorities (new configuration option) Deliverables: • Secured version of PIP to extract SAML ssertion from proxy • Enhanced configuration documentation explaining how to configure trusted SAML authentication authorities kettimut@mcs.anl.gov 2006-06-21 12:15:16 This is completed and is available in GridShib for GT v0.4.1 (available at http://gridshib.globus.org/download.html). Documentation on how to configure this feature and more details are available in the admin guide at http://gridshib.globus.org/docs/gridshib-gt-0.4.1/admin-index.html.