Disguising the IDP login page
Cotton, Kim
cottonk at umsystem.edu
Fri Feb 1 11:50:18 EST 2013
We have an sp (internal to our organization) that would like to mask our IDP login page with their own login page by making a call to the IDP in an iframe. In order to make this work we'd have to specifically set a document.domain variable on the IDP login page.
My question is are there security risks we should consider? Also, are there user or political implications that might raise flags, particularly for multi campus higher education institutions? For example, users won't know they're logging in with our secure authentication system. Some have argued that's not an issue with users today.
Kim
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of users-request at shibboleth.net
Sent: Thursday, January 31, 2013 2:59 PM
To: users at shibboleth.net
Subject: users Digest, Vol 19, Issue 88
Send users mailing list submissions to
users at shibboleth.net
To subscribe or unsubscribe via the World Wide Web, visit
http://shibboleth.net/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
users-request at shibboleth.net
You can reach the person managing the list at
users-owner at shibboleth.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of users digest..."
More information about the users
mailing list