Page after authentication
Cantor, Scott
cantor.2 at osu.edu
Mon Aug 13 15:11:18 EDT 2012
> My SP protected site sends a user to the IdP login page when they type
> in https://myhost.org/secure.
You understand that's your choice?
> After authentication at the IdP it
> redirects them back to my SP site and the same url which just shows a
> bunch of session variables.
Again, that's your choice.
> I was under the impression the IdP
> controlled where the user gets redirected
How would it know?
> but they are saying that it up
> to me. They are supposed to be passing me some attributes and I want to
> send the user to a page where I can verify those attributes. From
> looking at the shibboleth2.xml file I can't see anywhere where i would
> specify that.
Well, you don't. You need to define what content you want to protect, and it's up to you to define what that content does. Models for application integration are discussed in the wiki.
I would add that the specific use case of "verify those attributes" is covered by a new feaure in the SP.
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPInterestingFeatures
See "Post-Login Hooks and Attribute Checking". I'll eventually get material about this with clearer examples in place.
-- Scott
More information about the users
mailing list