Login box (embedded in external portals outside IdP)

Ian Rifkin irifkin at brandeis.edu
Wed May 7 10:05:32 EDT 2014


> Client requirement is that login forms should be part of client1/2 sites
> not IdP domain (only should communicate with IdP to handle authentication).

> In my opinion solution with simple login link/button (here 'client1')
> would be the best (standard way to handle it), we even try to convince
> client to it but unfortunately without success.

You still haven't explained the business case surrounding the requirement,
other than saying that your client wants it. *Why* do they want it? What do
they hope will be accomplished by this requirement? Perhaps if you can get
more details from them regarding their desires/concerns you will be better
able to guide them to a solution.

Is it because they care about the URL? Is it because they care about the
design? Is it because they have a custom authentication they want to
use instead?

> host SSO login page on different than IdP domain only to provide user
> credentials and send this data to IdP authentication engine (to store
> session cookie)

It's certainly possible to handle SSO outside of the IdP (as Peter
mentioned), but I agree with others that it seems odd to have the login
page in one location and then try to send credentials to the IdP. This is
why I'm trying to better understand what the rationale is.
