Custom authentication and extending the login.jsp element.
PARDEE, MARTIN (MARTIN)
mlp at research.att.com
Fri Aug 31 11:02:40 EDT 2012
Back in June I started integrating a custom login handler for Shibboleth, which I have done.
The custom handler uses a web service to launch a phone call to do biometric authentication on a smart phone.
In case I forgot to, thanks to everyone who took the time to answer my (sometimes naive) questions in the past.
In order to extend this prototype to include multiple devices per user (an iPhone, iPad, Android, whatever) I need to ask the user for more than just a user ID prior to proceeding with custom authentication.
This has led me to the following dilemma:
Once I enter my Shibboleth Custom Auth Handler (a servlet in idp.war) I carry on my conversation through login.jsp.
Once inside login.jsp, it appears that I have only one opportunity to obtain user data: j_username and j_password are all that this jsp allows.
What I would really like to do is redirect to a JSP (other than login.jsp) in a different Webapp, which would allow me to develop a user interface that I can extend in any way I need to.
If I attempt to use request.getRequestDispatcher().include or .forward, I get server side errors (presumably because I'm trying to invoke things outside of the idp.war webapp).
So my conclusion here is that the only way that I can make my user interface any richer than login.jsp is to bring ALL of the resources that I need for authentication support inside of idp.war. Somehow this just seems wrong.
It seems obvious that Shibboleth was designed to "bridge" to external authenticators. This being the case, there must be a mechanism in here somewhere that will permit me to interact with the user in a richer way than what is available in login.jsp.
Would someone please help me understand what my options are here?