Kevin P. Foote
kpfoote at iup.edu
Thu Nov 29 16:41:48 EST 2012
Great! Thanks Scott.
Yea I'll figure out the discovery.
"Cantor, Scott" <cantor.2 at osu.edu> wrote:
>On 11/29/12 3:41 PM, "Kevin P. Foote" <kpfoote at iup.edu> wrote:
>>I have set up the ExternalAuth handler in my config file. From what I
>>read my auth script code, whatever it is based on openid or something
>>else, needs to POST back a mocked up assertion to the location specified
>>in the handler definition. Once this is POSTed back then the SP acts as
>>normal and process the mocked assertion just as it does ones coming in
>>from an IdP .. obviously minus the security checks etc.
>>Am I conceptualizing the ExternalAuth handler correctly here?
>I wouldn't say that it processes it "normally", exactly, but I guess
>that's basically true. All of the steps involved in turning an assertion
>into a set of data about the user in a session is basically the same.
>>Am I correct in thinking I do not need any other SessionInitiator
>>elements to use this?
>Yes, in the sense that it's out of scope. I did not attempt to create a
>mechanism that would "initiate" whatever flow is being used, and am
>assuming that you are doing that as part of some discovery step yourself.
>The existing discovery related handlers are supposed to be sufficient to
>do something useful.
>For example, if your discovery interface includes an option on it that
>triggers Google, the SP never knows about it until you finish that process
>and tell it at the end. Whereas in the SAML case, the discovery UI
>redirects back into the SP to get it to generate the request.
>To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users