SP Without SSO...
John Mitchell
jpmitchell at alaska.edu
Fri Sep 16 18:21:45 BST 2011
Manuel,
On Fri, Sep 16, 2011 at 12:35 AM, Manuel Haim <haim at hrz.uni-marburg.de> wrote:
> Hi John,
>
> we have written a custom login handler here which might suit some of
> your needs:
>
> a) When doing forceAuthn, you can login under a different name (the
> previous login is destroyed).
> b) For kiosk machines (detected by IP address), it shows an additional
> "Guest login" button.
> c) The IP address of the user is added to the session's
> publicCredentials (for use in attribute resolution, but please take care
> of this Security Advisory:
> http://shibboleth.internet2.edu/secadv/secadv_20110718.txt).
> d) The user can deactivate SSO when he logs in (this is done by
> combining the PreviousSession and UsernamePassword login handler to just
> one login handler which handles both). This way, the user will be asked
> to log in again for each SP. This option may also train our current
> users to understand what SSO means (as by now, without Shibboleth, they
> still need to log in to each single web application).
> e) As we have multiple user bases, the user can choose the domain he
> belongs to when logging in (e.g. "staff" or "students").
>
> Please send me an email if you would like to have a glimpse at the code.
>
That sounds like it very well could fit our use case(s). Please
provide access to the code to me. I appreciate it!
> -Manuel
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
--
John P. Mitchell <jpmitchell at alaska.edu>
907.450.8320
http://www.alaska.edu/oit/iam
"All mankind is divided into three classes: those that are immovable,
those that are movable, and those that move." - Benjamin Franklin
More information about the users
mailing list