Customization of Authentication Request handling

Aleksandar Likic aleksandar.likic at securekey.com
Tue Feb 4 18:58:55 EST 2014


Thanks. Thinking about it, my custom login handler would have a GUI, meaning dealing with things like properly handling the browser back button. Clicking on the back button to go back to my hypothetical login page would probably cause the browser to resubmit the authentication request from the SP, right? One way to solve it would be having a redirect before the login page (following the POST-REDIRECT-GET pattern), but I'd like to minimize redirects and use forwards instead. I guess, in order to achieve something like this, I would somehow have to tell Shibboleth that it is OK to accept a repeated request from the RP in this scenario? Perhaps based on the fact that we are in the middle of processing this exact request? I am guessing that this functionality is not out of the box and I would have to implement it myself? Are there any security implications with this approach?

Thanks,
Aleks

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Tuesday, February 04, 2014 6:33 PM
To: Shib Users
Subject: Re: Customization of Authentication Request handling

On 2/4/14, 6:29 PM, "Aleksandar Likic" <aleksandar.likic at securekey.com>
wrote:

>Hi, I configured Shibboleth with external authentication handler. I see 
>that the external handler URL is invoked via HTTP redirect. Is it 
>possible to configure it with HTTP forward instead?

No. The whole point of the mechanism is to integrate with an external SSO system. If the integration isn't external, just build a custom login handler; it's the same amount of work and much safer.

-- Scott

