IDP initiated SSO

Nate Klingenstein ndk at
Mon Aug 6 15:32:38 EDT 2012


> I have the following use case:
> - A user logs into our app.
> - The user sees links to a number of SP.
> - IDP initiated SSO....User clicks on a link to one of the
> SP. The SAML (Shibboleth IDP) comes into play and verifies the user
> and his authorization.
> - The user is redirected to the SP (as he is already logged
> in).
> Is this use case supported by Shibboleth, esp the Shibboleth IDP?

Yes.  This is the use case documented in the link I sent.

> What changes do we need to make in our app to support the  
> communication with Shibboleth IDP or is it just through some config  
> files?

This depends completely on the SAML SP you will be using, the
application you have, and the integration style you choose.  Because  
every application is different, so too is every federated identity  
integration.  There are some useful general guidelines, written for  
the use of Shibboleth but generally helpful, at:

> Where can I find a detailed installation instruction for Shibboleth  
> IDP?

> I have found a number of articles online. Most of them also require  
> installation of AD.

Indeed, many deployers maintain (or, at least, wrote) their own
documentation to fold in guidelines specific to their environment.

> I want to install my app, Shibboleth IDP and a MySQL db (to store
> user credentials)… where can I find a document that will guide me
> through such a setup?

See the above links for general guidance on the application and the IdP.

The IdP doesn't include a JDBC authentication mechanism, so for  
authentication against a MySQL database, you'll need to include a JAAS  
authentication module for the IdP when you build it.  Here's a link to  
one of the many available:

Unfortunately, no specific document will exist for your setup, because  
again, every integration and deployment scenario is different.  You'll  
have to work from the general resources available to you.

Take care,
