Disguising the IDP login page

Cotton, Kim cottonk at umsystem.edu
Fri Feb 1 11:50:18 EST 2013

We have an sp (internal to our organization) that would like to mask our IDP login page with their own login page by making a call to the IDP in an iframe.  In order to make this work we'd have to specifically set a document.domain variable on the IDP login page.  

My question is are there security risks we should consider?  Also, are there user or political implications that might raise flags, particularly for multi campus higher education institutions?  For example, users won't know they're logging in with our secure authentication system.  Some have argued that's not an issue with users today.   


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of users-request at shibboleth.net
Sent: Thursday, January 31, 2013 2:59 PM
To: users at shibboleth.net
Subject: users Digest, Vol 19, Issue 88

Send users mailing list submissions to
	users at shibboleth.net

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
	users-request at shibboleth.net

You can reach the person managing the list at
	users-owner at shibboleth.net

When replying, please edit your Subject line so it is more specific than "Re: Contents of users digest..."

More information about the users mailing list