SP Without SSO...

John Mitchell jpmitchell at alaska.edu
Fri Sep 16 18:21:45 BST 2011


On Fri, Sep 16, 2011 at 12:35 AM, Manuel Haim <haim at hrz.uni-marburg.de> wrote:
> Hi John,
> we have written a custom login handler here which might suit some of
> your needs:
> a) When doing forceAuthn, you can login under a different name (the
> previous login is destroyed).
> b) For kiosk machines (detected by IP address), it shows an additional
> "Guest login" button.
> c) The IP address of the user is added to the session's
> publicCredentials (for use in attribute resolution, but please take care
> of this Security Advisory:
> http://shibboleth.internet2.edu/secadv/secadv_20110718.txt).
> d) The user can deactivate SSO when he logs in (this is done by
> combining the PreviousSession and UsernamePassword login handler to just
> one login handler which handles both). This way, the user will be asked
> to log in again for each SP. This option may also train our current
> users to understand what SSO means (as by now, without Shibboleth, they
> still need to log in to each single web application).
> e) As we have multiple user bases, the user can choose the domain he
> belongs to when logging in (e.g. "staff" or "students").
> Please send me an email if you would like to have a glimpse at the code.

That sounds like it very well could fit our use case(s). Please
provide access to the code to me. I appreciate it!

> -Manuel
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

John P. Mitchell <jpmitchell at alaska.edu>

"All mankind is divided into three classes: those that are immovable,
those that are movable, and those that move." - Benjamin Franklin

More information about the users mailing list