How to support API single sign on in Shibboleth IdP
Cantor, Scott
cantor.2 at osu.edu
Tue May 28 15:14:16 EDT 2013
On 5/28/13 2:44 PM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
>* Yaowen Tu <yaowen.tu at gmail.com> [2013-05-28 19:46]:
>> We are SP-enabled web site using OpenSAML library, and at the same time
>>we
>> have a set of Javascript APIs so that our customer can use and integrate
>> our product into their product.
>>
>> I am wondering, what is the best way to support SSO for these Javascript
>> APIs if our product is connecting to an IdP for authentication.
>
>SAML (and Shibboleth) has ECP for that.
Or you'll probably be better off implementing some kind of ability for the
Javascript to tell that a login needs to happen as an error code of some
kind, and have the script trigger the browser as a whole to get the
session established.
The problem with this sort of thing is that the scripts can't handle the
UI of a normal login process, so unless basic-auth is used, you must
implement something that gets the browser involved.
-- Scott
More information about the users
mailing list