SP Without SSO...
John Mitchell
jpmitchell at alaska.edu
Thu Sep 15 22:36:15 BST 2011
Peter,
On Wed, Sep 14, 2011 at 2:08 PM, Peter Schober
<peter.schober at univie.ac.at> wrote:
> * John Mitchell <jpmitchell at alaska.edu> [2011-09-14 23:57]:
>> We have a use case for an application where a user has two sets of
>> credentials they want to use with the application. One being more
>> privileged than the other (an admin account, and a non-admin
>> account).
>
> Since the "admin account" use-case is a rather limited one (we
> probably have 10.000 times the number of students compared to admins
> for a given application) I usually recommend to use a second
> webbrowser -- or a second instance or "private browsing" mode of the
> same webbrowser -- which will not share state with the other instance
> for admin account usage.
> Beats ruining the SSO experience for everyone else (or running a
> second IdP) any day for me.
I guess so but the service owner is not real jazzed about the
additional support responsibility they have to shoulder (I lightly
suggested this). Also in our version/support constrained environment
many users are trained not to stray from the supported browser.
> -peter
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
--
John P. Mitchell <jpmitchell at alaska.edu>
907.450.8320
http://www.alaska.edu/oit/iam
"All mankind is divided into three classes: those that are immovable,
those that are movable, and those that move." - Benjamin Franklin
More information about the users
mailing list