How to support API single sign on in Shibboleth IdP

Cantor, Scott cantor.2 at
Tue May 28 15:14:16 EDT 2013

On 5/28/13 2:44 PM, "Peter Schober" <peter.schober at> wrote:

>* Yaowen Tu <yaowen.tu at> [2013-05-28 19:46]:
>> We are an SP-enabled web site using the OpenSAML library, and at the same time
>> have a set of Javascript APIs so that our customer can use and integrate
>> our product into their product.
>> I am wondering, what is the best way to support SSO for these Javascript
>> APIs if our product is connecting to an IdP for authentication.
>SAML (and Shibboleth) has ECP for that.

Or you'll probably be better off implementing some kind of ability for the
Javascript to tell that a login needs to happen as an error code of some
kind, and have the script trigger the browser as a whole to get the
session established.

The problem with this sort of thing is that the scripts can't handle the
UI of a normal login process, so unless basic-auth is used, you must
implement something that gets the browser involved.

-- Scott
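
The error-code approach described above, sketched as an added example that is not part of the original message or of Shibboleth/OpenSAML. Assumptions: the API signals a missing session with HTTP 401 and a JSON body containing `error: "login_required"` and a `login_url`; the `return_to` parameter, the function names and the example origins are hypothetical.

```javascript
// Assumed contract (hypothetical, not from the thread): the API answers
// HTTP 401 with JSON {"error":"login_required","login_url":"..."}.
const LOGIN_REQUIRED = "login_required";

// Build the full-page navigation target. The login URL from the API response
// is honoured only on the expected SP origin, so a tampered response cannot
// steer the browser to an arbitrary site.
function buildLoginRedirect(loginUrl, currentUrl, spOrigin) {
  if (typeof loginUrl !== "string" || loginUrl === "") {
    throw new Error("login_required response carried no login_url");
  }
  const login = new URL(loginUrl, spOrigin);
  if (login.origin !== spOrigin) {
    throw new Error("login URL is not on the expected SP origin");
  }
  // "return_to" is an assumed parameter name; the SP must validate it too.
  login.searchParams.set("return_to", new URL(currentUrl).href);
  return login.href;
}

// Call the API; on the login-required error, hand control to the browser
// (navigate) instead of trying to drive the IdP's login UI from script.
async function callApi(path, { fetchImpl, navigate, currentUrl, spOrigin }) {
  const res = await fetchImpl(new URL(path, spOrigin).href, {
    credentials: "include", // send the SP session cookie if one exists
    headers: { Accept: "application/json" },
  });
  if (res.status === 401) {
    const body = await res.json().catch(() => ({}));
    if (body.error === LOGIN_REQUIRED) {
      navigate(buildLoginRedirect(body.login_url, currentUrl, spOrigin));
      return { loginStarted: true };
    }
  }
  if (!res.ok) throw new Error("API error " + res.status);
  return { loginStarted: false, data: await res.json() };
}

// Browser usage (assumed origin):
// callApi("/api/items", { fetchImpl: (u, o) => fetch(u, o),
//   navigate: (u) => window.location.assign(u),
//   currentUrl: window.location.href, spOrigin: "https://sp.example.org" });
```

After the IdP login completes, the SP sends the browser back to the original page, where the script repeats the API call with the new session cookie.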
