Authenticating for each action

Patrick B patrick.bordelon at autotrader.com
Wed Sep 4 15:54:00 EDT 2013


All,
 
 I'm evaluating Shibboleth as a possible solution to the current SSO process
we currently use. 

We are currently using an SP on a proxy that connects to Active Directory
for user validation. When a user logs into the protected site AD verifies
their username and password and then returns their username and job roles.
This is then passed into the site via headers. Underneath the main site are
other protected sites that are only accessible via this proxy process. When
you access one of those daughter sites the header information is passed into
it by our proxy. The parent and daughter sites all require that the header
information be passed for each request as the sites are verifying the user's
role with each connection.

We need to know if Shibboleth handles sending the header/attributes with
each user request. If this is merely a configuration setting or if it
requires some minor setup that isn't a problem. We're trying to minimize the
level of work required to implement this ability in a new product.

I've looked through the forums and the wiki and haven't found anything that
answers my question fully.

I don't have an implementation of Shibboleth yet as we're just doing the
initial groundwork to see if it's a possible solution to our situation.

Any information would be helpful. Thank you.




--
View this message in context: http://shibboleth.1660669.n2.nabble.com/Authenticating-for-each-action-tp7589754.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.


More information about the users mailing list