[shib_auth] Shibboleth Protection Path
Kristof Bajnok
bajnokk at niif.hu
Fri Apr 6 14:10:52 CEST 2012
Hi Nate,
On 06/04/12 01:34, Nate Klingenstein wrote:
> Would it be possible instead to protect only the /shib_login/ path to
> eliminate the need for Shibboleth to intercept all queries to the Drupal
> environment? This is, of course, with the option "/Destroy Drupal
> session when the Shibboleth session expires/" disabled.
If the role assignment is based on attributes which are set by the SP,
then it also demands the entire Drupal path to be protected. (Sticky
roles aside.)
> I think this could somewhat improve the performance of the implementation.
If you did measurements regarding the Shibboleth SP overhead, then your
data would be very interesting to me.
Kristof
More information about the shib_auth
mailing list