Passively check for session with multiple IdPs
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 16 14:59:09 GMT 2011
On 11/16/11 9:35 AM, "Donald Shaw" <donald.s.shaw at gmail.com> wrote:
>
>How might an appropriate SessionInitiator for looping over 2 or more IdPs
>look?
There is none, you have to script the entire process via the lazy session
mechanism.
Some notes:
- the SP will now correctly return the client to the target resource if
you specify isPassive and it can't dispatch via a supporting initiator
(that handles the SAML 1 case)
- the SP will ignore the NoPassive error code and pass control back to the
target resource if the IdP returns that code
- any other error would terminate, so you'd have to handle errors with the
redirectErrors option
All of the features involved are poorly tested and probably buggy.
-- Scott
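A sketch of the scripted loop the reply describes, added here as an example and not part of the original message or the Shibboleth project's code. It assumes the default `/Shibboleth.sso/Login` handler path, that the SP exports `Shib-Session-ID` to the resource's environment, constructed entityIDs and URLs, and a hypothetical `idp_try` query parameter to carry loop state.

```python
from urllib.parse import urlencode, parse_qs

# All values below are constructed for illustration (assumptions).
LOGIN_HANDLER = "/Shibboleth.sso/Login"
IDPS = ["https://idp1.example.org/idp/shibboleth",
        "https://idp2.example.org/idp/shibboleth"]
# Fixed return URL: never take the target from the request, or the
# loop becomes an open redirect.
SELF_URL = "https://sp.example.org/app/probe"


def parse_try_index(query_string, n_idps):
    """Return how many IdPs were already tried.

    The counter is client-controlled, so anything malformed or out of
    range is treated as "all tried" to stop the loop (fail closed).
    """
    raw = parse_qs(query_string).get("idp_try", ["0"])[0]
    try:
        n = int(raw)
    except ValueError:
        return n_idps
    return n if 0 <= n <= n_idps else n_idps


def next_step(environ, idps=IDPS, self_url=SELF_URL):
    """Decide what the lazy-session resource does on this request.

    Returns ("session", None) if the SP already established a session,
    ("redirect", url) to passively probe the next IdP, or
    ("anonymous", None) once every IdP has been tried.
    """
    if environ.get("Shib-Session-ID"):
        return ("session", None)
    tried = parse_try_index(environ.get("QUERY_STRING", ""), len(idps))
    if tried >= len(idps):
        return ("anonymous", None)
    # The SP returns the client here on success or on NoPassive.
    target = self_url + "?" + urlencode({"idp_try": tried + 1})
    params = {"entityID": idps[tried], "isPassive": "true", "target": target}
    return ("redirect", LOGIN_HANDLER + "?" + urlencode(params))
```

Errors other than NoPassive never reach this resource unless redirectErrors sends them to a URL that resumes the loop.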