Issue: Using differents idp's to securize different hosts

Cantor, Scott cantor.2 at
Mon Sep 12 21:34:55 BST 2011

On 9/12/11 4:21 PM, "Eduardo Fernandes" <edufer at> wrote:
>After that I have in my browser, among other cookies, the Shibboleth
>session cookie. So now I send all the cookies I got from the previous
>authentication to other site:
>http get -> go to the resource
>ok. In my config file I setup that hosts2 should be securized using idp2
>but no authentication is required.

That isn't possible, so you are mistaken about what you actually set up or
what cookies existed. Any of the cookies the SP sets are per-host by
default and will not work across hosts.

>Is there a way to oblige Shibboleth SP to force authentication even if I
>resent cookies, etc to hosts2?

It didn't and doesn't resend them.

-- Scott

More information about the users mailing list