Login box (embedded in external portals outside IdP)
David Bantz
dabantz at alaska.edu
Tue May 6 11:47:09 EDT 2014
And that of course means your two web site services will have access to unencrypted credentials of your users, which, as Dave Perry stated, defeats (one of) the points of having an IdP. By soliciting users’ credentials, and verifying them by submitting them to the IdP, those sites are in effect harvesting users’ SSO credentials. However well intentioned and well administered you believe those two web services to be, they pose additional risk of exposure or misuse of users’ credentials. Were it mine, I would look to configure the IdP to block such requests from those sites.
David Bantz
On Tue, 6 May 2014, at 01:40, Paweł Pogoda <paw.pogoda at gmail.com> wrote:
> Hi!
>
> There will still be a single point of authentication - a single IdP, but what I want to achieve is to embed the login box in a server other than the IdP (in fact, the protected web sites).
>
> Best Regards
> Pawel
>
> 2014-05-06 10:34 GMT+02:00 Dave Perry <Dave.Perry at hull-college.ac.uk>:
> Doesn’t that defeat the objective of an IdP?
>
> Dave Perry
> eLearning Technologist, Hull College Group
>
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Pawel Pogoda
> Sent: 06 May 2014 08:11
> To: users at shibboleth.net
> Subject: Login box (embedded in external portals outside IdP)
>
> Hi!
>
> I have two web sites (separate domains) which are protected by SPs; both SPs are configured without a discovery service to authenticate to a single IdP.
>
> Currently the login page is part of the IdP - the standard approach.
>
> What I want to achieve is to embed two separate login boxes in the protected web sites - the login process (setting user/password) should be started on the protected web sites and then the data should be submitted to the IdP. Is it possible?
>
> Right now I don't know how to compose such a request with data.
>
> Best Regards
>
> Pawel