Attributes and forwarding to Relay state

Cantor, Scott cantor.2 at osu.edu
Tue Mar 20 20:44:24 GMT 2012


On 3/20/12 4:26 PM, "Kantzer, Chris E" <ckantzer at affiniongroup.com> wrote:
>
>It looks like it's getting the attribute value correctly.  But I'm not
>sure where the value of payload is being stored and how I would access
>it either through Apache or some other way.

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess

>FYI : Our SP is not protecting requests.  It just is providing SSO
>capabilities for our web app deployed on Weblogic (which is on a
>different domain).  Once the user is authenticated in our web app then
>all requests go straight to the web app server, bypassing the sp.

Then you're trying to use the SP as some kind of SAML offloading agent,
and you really can't do that. You will need to deploy a second SSO
protocol between the box you're protecting with the SP and the box you
actually want to protect. That's a gateway. You can't do that with a
simple redirect.

You may be better off trying to use WebLogic's SAML support directly, or
put Apache in front of your WebLogic system. I would advise you to pick
one of those options. Adding a second protocol to the picture is more
work, less secure, and likely to be more brittle.

The SP is simply not meant to be a SAML solution for some other box on
your network. There are products out there better suited to that problem.
They are much worse at the SAML part, unfortunately.

-- Scott
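
The "Apache in front of WebLogic" option from the message above, as an added configuration example that is not part of the original post or of the Shibboleth project's documentation. Hostnames, port, paths and certificate locations are placeholders, and it assumes the attribute is mapped with the id `payload` in the SP's attribute-map.xml.

```apache
# Added example: Apache httpd + mod_shib as the only entry point to the
# WebLogic application, so every request passes through the SP.
# All hostnames, ports and file paths below are placeholders.
<VirtualHost *:443>
    ServerName app.example.org

    SSLEngine on
    SSLCertificateFile    /path/to/app.example.org.crt
    SSLCertificateKeyFile /path/to/app.example.org.key

    # Forward the application path to WebLogic over HTTP (mod_proxy_http).
    ProxyPass        /app http://weblogic.internal.example:7001/app
    ProxyPassReverse /app http://weblogic.internal.example:7001/app

    <Location /app>
        # Require a Shibboleth session before anything is proxied.
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require valid-user

        # Apache environment variables do not cross an HTTP proxy hop,
        # so export the mapped attributes as request headers instead.
        # The application would then read the assumed "payload" header.
        ShibUseHeaders On
    </Location>
</VirtualHost>

# The application trusts these headers, so WebLogic must accept
# connections only from this Apache host (firewall rule or a listen
# address on an internal interface). A client that can reach WebLogic
# directly can supply its own header values.
```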



