http://shibboleth.1660669.n2.nabble.com/Juniper-SSLVPN-integration-td3575845.html
There are also some very clear instuction by P. Geenens (pgeneens@juniper.net).
Something I was unaware was the need to create a Sign-in policy, for instance:
User URLs Sign-In Page Authentication Realm(s) */saml/ my Sign-In Page shibboleth
Where shibboleth is the label of the Authentication Realm which uses the shibboleth authentication server.
Now, change the value of Source Site Inter-Site Transfer Service URL to
https://omissis.unitest.com/idp/profile/Shibboleth/SSO?providerId=vpn.unitest.com&shire=https://vpn.unitest.com/dana-na/auth/saml-consumer.cgi&target=https://vpn.unitest.com/samlwhere /saml is the path of the Sign-in policy page.
Now as the user connects to https://vpn.unitest.com/saml, she is redirected to shibboleth IdP login page and than back to ssl vpn.
No comments:
Post a Comment