Interstitial IdP page (post-login)

Don Faulkner donf at
Mon Nov 14 18:55:39 GMT 2011

We're thinking we'd like to be able to insert a notification page into the shib authentication flow, so that a user would see the notice page after successfully authenticating to our IdP, but before being redirected back to the SP.

We'd like to use this to display to a specific user notices tied to the user's account, such as:
 * Your password expires in X days. Please click here to change it (in a new window).
 * Your account is (under attack | compromised).
 * Please contact the help desk.

and so forth. Obviously, we don't want to display messages like this all the time, only to provide a hook to display them to specific users (or maybe groups) when needed. Using the "change password" example, I imagine the page would have two action buttons on it, one continuing normally and one continuing normally after triggering a new window linking to our password change app. 

Is this sort of thing possible? Are there considerations that make this a Bad Idea(tm)?
Assuming it's possible/OK, could I get a pointer to the relevant docs or code?

I've searched for this with no results. I assume I've just not phrased the question correctly.

Don Faulkner, CISSP | IT Security at the University of Arkansas 
contact>> donf at | +1 (479) 575-2905 
connect>> uarkITS on Facebook | @uaits | @dfaulkner

More information about the users mailing list