Issue: Using different IdPs to secure different hosts
Eduardo Fernandes
edufer at gmail.com
Mon Sep 12 21:21:21 BST 2011
Hi all.
I just set up Shibboleth SP to use different IdPs using the typical
ISAPI/Site/Alias and RequestMap/Host entries in the Shibboleth2.xml file.
I'm, of course, using IIS with the ISAPI filter.
After doing that, everything worked fine. The problem I have is that I'd like
to oblige each site to be secured using a specific IdP. Let me try to
explain it: I'm using the current SP version 2.4.3.
HTTP GET: https://host1.mydomain.com/resource.html -> idp1 -> authentication
-> go to resource ok...
After that I have in my browser, among other cookies, the Shibboleth session
cookie. So now I send all the cookies I got from the previous authentication
to the other site:
HTTP GET: https://host2.mydomain.com/resource.html -> go to the resource ok.
In my config file I set up that host2 should be secured using idp2, but no
authentication is required.
Of course if I just open my browser and ask for host2's resource I'm
redirected to idp2 for authentication.
Is there a way to oblige Shibboleth SP to force authentication even if I
resend cookies, etc. to host2? I read about the forceauth option but this
only will always force authentication, right?
Many thanks for your help,
Eduardo.