HTTP connections from applet to server protected by Shibboleth

[Longo, John]

Our product is a java applet that communicates with a server backend via Spring/commons HttpClient.  A customer of ours has a requirement to support SAML authentication, and I'm trying to figure out how to make this happen.  I integrated siteminder support in a similar manner that I'm TRYING to implement shibboleth support, but I'm unable to successfully get through the SP/IdP in doing so.  Here's basically what we're doing:

Grab the cookies from the encapsulating jsp page that the applet is sitting in and pass them in as applet parameters.  Once the applet starts, it pulls the parameters and stores them for HttpClient/Spring to use.  Whenever a PostMethod is executed, it grabs the cookies and sets them prior to execution.  This works fine for siteminder, and the request is successfully passed to the server.  However, for shibboleth, it's not recognizing that the user/client is already authenticated and forwards the request to the IdP which returns the login page.

Is there any way to accomplish this scenario?  Am I missing something?  How does the SP/IdP validate that a connection is already authenticated and allow them to pass through to the protected resource?


Any help would be appreciated.

John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120202/8a33d41a/attachment-0001.html