Interstitial IdP page (post-login)
Don Faulkner
donf at uark.edu
Mon Nov 14 18:55:39 GMT 2011
We're thinking we'd like to be able to insert a notification page into the shib authentication flow, so that a user would see the notice page after successfully authenticating to our IdP, but before being redirected back to the SP.
We'd like to use this to display to a specific user notices tied to the user's account, such as:
* Your password expires in X days. Please click here to change it (in a new window).
* Your account is (under attack | compromised).
* Please contact the help desk.
and so forth. Obviously, we don't want to display messages like this all the time, only to provide a hook to display them to specific users (or maybe groups) when needed. Using the "change password" example, I imagine the page would have two action buttons on it, one continuing normally and one continuing normally after triggering a new window linking to our password change app.
Is this sort of thing possible? Are there considerations that make this a Bad Idea(tm)?
Assuming it's possible/OK, could I get a pointer to the relevant docs or code?
I've searched for this with no results. I assume I've just not phrased the question correctly.
--
Don Faulkner, CISSP | IT Security at the University of Arkansas
contact>> donf at uark.edu | +1 (479) 575-2905
connect>> uarkITS on Facebook | @uaits | @dfaulkner
More information about the users
mailing list