configuration for two unrelated servers

Cantor, Scott cantor.2 at osu.edu
Fri Mar 15 13:45:37 EDT 2013


On 3/15/13 1:27 PM, "Ewert, Craig" <Craig.Ewert at dish.com> wrote:

>Thanks, Kevin.  I thought from first principles that must be the case.
>
>If I only wanted SSO, and could let W handle it's own security, could I
>have the W app send a Shibboleth/Login to A and have A hand back the SAML
>assertions it got from the IdP?  In headers, or POST body or any which
>way?  A and W are both behind a big ole firewall in a datacenter, so I'm
>not worried about traffic between them.

If you invent a protocol to do it, write all the code, etc, yes. That's
not SAML though. You're building your own SSO protocol.

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPOneMany

-- Scott




More information about the users mailing list