Shibboleth integration (Windows version)

AJS 4.x

Manual

Note! This Manual is for the "Windows authentication" version, which is designed to work with existing Windows server or Active Directory accounts and Windows authentication. If you want to create accounts by yourself and store their credentials in your own HTTP Commander XML database, you need to download the "Forms authentication" version! This Manual is for the Windows authentication version only!

Web file manager

Free Installation assistance

Manual Home page

Shibboleth integration

In Shibboleth authentication mode HTTP Commander delegates authentication to Shibboleth Service provider. HTTP Commander does not perform authentication, it expects that all request reaching the application are already authenticated. Web file manager extracts name and groups (if available) of the current user and uses that information to make authorization decisions (for example, what folders to map).

Admin Panel allows you to assign folders to users. Note that list of users and groups is not available, you cannot edit or add users and groups. Logout button does not function.

To install Shibboleth Service Provider, please read manual.

IIS configuration should be done according to Shibboleth Service Provider configuration manual. HTTP Commander does not require any special settings in IIS.

In Shibboleth authentication mode all request are processed under the same identity — identity of the application pool. Users are not impersonated. You cannot use NTFS permissions to assign different access to different users, use HTTP Commander folder permissions to assign desired level of access to users.

To make HTTP Commander use Shibboleth authentication, follow these steps:

Use only "Forms authentication" version!

In the Web.config file (at root folder (HTCOMNET) of HTTP Commander), add the ShibbolethAuthenticationModule module (if it is absent):

<configuration>
    ...
    <system.web>
        ...
        <httpModules>
            ...
            <add name="ShibbolethAuthenticationModule" type="HttpCommander.ShibbolethAuthenticationModule, HttpCommander" />
            ...
        </httpModules>
        ...
    </system.web>
    ...
    <system.webServer>
        ...
        <modules runAllManagedModulesForAllRequests="true">
            ...
            <add name="ShibbolethAuthenticationModule" type="HttpCommander.ShibbolethAuthenticationModule, HttpCommander" preCondition="integratedMode" />
            ...
        </modules>
        ...
    </system.webServer>
    ...
</configuration>

In the Admin Panel on the Settings tab, set the following settings:
Main/WindowsUsersWithFormAuth=false
NovellEDirectory/EDirectory=false
Shibboleth/EnableShibbolethAuthentication=true

Press the Save settings and Restart application buttons.
See also other additional settings and Manual configuration of authentication mode.
For more info, please read Shibboleth 2 Wiki.