IDP initiated SSO
Nate Klingenstein
ndk at internet2.edu
Mon Aug 6 15:32:38 EDT 2012
Susan,
> I have the following use case:
>
>
> · A user logs into our app.
> · The user sees links to a number of SP.
> · IDP initiated SSO.... User clicks on a link to one of the
> SP. The SAML (Shibboleth IDP) comes into play and verifies the user
> and his authorization.
>
> · The user is redirected to the SP (as he is already logged
> in).
>
> Is this use case supported by Shibboleth, esp. the Shibboleth IDP?
>
Yes. This is the use case documented in the link I sent.
> What changes do we need to make in our app to support the
> communication with Shibboleth IDP or is it just through some config
> files?
>
This depends completely on the SAML SP you will be using, the
application you have, and the integration style you choose. Because
every application is different, so too is every federated identity
integration. There are some useful general guidelines, written for
the use of Shibboleth but generally helpful, at:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPEnableApplication
> Where can I find a detailed installation instruction for Shibboleth
> IDP?
>
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPInstall
> I have found a number of articles online. Most of them also require
> installation of AD.
>
Indeed, many deployers maintain (or, at least, wrote) their own
documentation to fold in guidelines specific to their environment.
> I want to install my app, Shibboleth IDP and a MySQL db (to store
> user credentials)... where can I find a document that will guide me
> through such a setup?
>
See the above links for general guidance on the application and the IdP.
The IdP doesn't include a JDBC authentication mechanism, so for
authentication against a MySQL database, you'll need to include a JAAS
authentication module for the IdP when you build it. Here's a link to
one of the many available:
http://vcs.ics.muni.cz/viewvc/?root=shibboleth&view=head
http://frakira.fi.muni.cz/~tauceti/?Shibboleth
Unfortunately, no specific document will exist for your setup, because
again, every integration and deployment scenario is different. You'll
have to work from the general resources available to you.
Take care,
Nate.
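As an added example (not code from this thread or from the Shibboleth project), here is how the app in Susan's use case could generate its per-SP links for the Shibboleth IdP 2.x unsolicited SSO endpoint (`/profile/SAML2/Unsolicited/SSO` with `providerId` and `target`); the IdP host and the SP allowlist are constructed sample values.

```python
"""Build IdP-initiated (unsolicited) SSO links for a Shibboleth IdP 2.x.

Added example, not from the original thread. It assumes the IdP's
unsolicited SSO endpoint /profile/SAML2/Unsolicited/SSO with the query
parameters providerId (SP entityID) and target (RelayState); the IdP
host and SP table below are constructed sample data.
"""
from urllib.parse import urlencode, urlsplit

IDP_BASE = "https://idp.example.org/idp"  # constructed sample IdP location

# Constructed allowlist of the SPs the app may link to: entityID -> SP host.
# Keeping this in the app (or deriving it from the IdP's metadata) means a
# tampered link cannot point users at an SP the IdP never federated with.
KNOWN_SPS = {
    "https://sp1.example.edu/shibboleth": "sp1.example.edu",
    "https://sp2.example.com/shibboleth": "sp2.example.com",
}


def target_is_safe(target: str, sp_host: str) -> bool:
    """Accept a relative path on the SP or an absolute https URL on its host.

    In IdP-initiated SSO the SP receives 'target' as RelayState and usually
    redirects to it after login, so an unchecked value is an open redirect.
    """
    if target.startswith("/") and not target.startswith("//"):
        return True
    parts = urlsplit(target)
    return parts.scheme == "https" and parts.hostname == sp_host


def idp_initiated_sso_link(sp_entity_id: str, target: str = "/") -> str:
    """Return the link the app shows for one SP, or raise ValueError."""
    sp_host = KNOWN_SPS.get(sp_entity_id)
    if sp_host is None:
        raise ValueError(f"unknown SP entityID: {sp_entity_id}")
    if not target_is_safe(target, sp_host):
        raise ValueError(f"refusing target {target!r} for {sp_host}")
    # 'shire' (the ACS URL) is deliberately omitted: the IdP then takes the
    # AssertionConsumerService from the SP's metadata rather than the link.
    query = urlencode({"providerId": sp_entity_id, "target": target})
    return f"{IDP_BASE}/profile/SAML2/Unsolicited/SSO?{query}"


if __name__ == "__main__":
    for entity_id in KNOWN_SPS:
        print(idp_initiated_sso_link(entity_id, "/dashboard"))
```

The user is still authenticated at the IdP by whatever login handler it is built with (for the MySQL case, the JAAS module Nate mentions), so these links only work once that part is in place.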