Custom authentication and extending the login.jsp element.
Paul Hethmon
paul.hethmon at clareitysecurity.com
Fri Aug 31 11:07:55 EDT 2012
Just replace login.jsp with one of your own. Once you are in the login
handler, you own the user experience and interface until you send control
back to Shibboleth. But it is a web application, so your resources (pages,
etc.) must be available in the context of the web application. The easiest
is to include them in the war file.
Paul
On 8/31/12 11:02 AM, "PARDEE, MARTIN (MARTIN)" <mlp at research.att.com>
wrote:
>Folks:
>
>Back in June I started integrating a custom login handler for Shibboleth,
>which I have done.
>
>The custom handler uses a web service to launch a phone call to do
>biometric authentication on a smart phone.
>
>In case I forgot to, thanks to everyone who took the time to answer my
>(sometimes naive) questions in the past.
>
>In order to extend this prototype to include multiple devices per user
>(an iPhone, iPad, Android whatever) I need to ask the user for more than
>just a user ID prior to proceeding with custom authentication.
>
>This has led me to the following dilemma:
>
>Once I enter my Shibboleth Custom Auth Handler (a servlet in idp.war) I
>carry on my conversation through login.jsp.
>
>Once inside login.jsp, it appears that I have only one opportunity to
>obtain user data: j_username and j_password are all that this jsp allows.
>
>
>What I would really like to do is redirect to a JSP (other than
>login.jsp) in a different Webapp, which would allow me to develop a user
>interface that I can extend in any way I need to.
>
>If I attempt to use request.getRequestDispatcher().include or .forward, I
>get server side errors (presumably because I'm trying to invoke things
>outside of the idp.war webapp).
>
>So my conclusion here is that the only way that I can make my user
>interface any richer than login.jsp is to bring ALL of the resources that
>I need for authentication support inside of idp.war. Somehow this just
>seems wrong.
>
>It seems obvious that Shibboleth was designed to "bridge" to external
>authenticators. This being the case, there must be a mechanism in here
>somewhere that will permit me to interact with the user in a richer way
>than what is available in login.jsp.
>
>Would someone please help me understand what my options are here?
>
>
>Thanks
>
>
>Martin Pardee