Login box (embedded in external portals outside IdP)
irifkin at brandeis.edu
Thu May 8 12:00:40 EDT 2014
but the problem is with top bar login which is on all public pages - we are
> not able to "simulate" this on IdP side.
Okay, now we're getting at the root of your requirements. So what you're
saying is they have a form that appears on all pages that allows you to
type in your username and password (not a link to a login form)?
e.g. Instead of a login button at the top like http://wordpress.com/ they
want input fields like viewing a Facebook page not logged in?
As people have said, that isn't the way an IdP is meant to work,*
if*you're having the IdP handle the authentication.
The only way I can think to make that work is if the SSO piece is handled
through that and when they click to login it does the authentication
*before it hits the IdP* (e.g. setting the username to REMOTE_USER) then
redirecting to the IdP not for authentication, but just to do whatever
lookup of information you need on the user before the authorization happens.
I don't think I'm adding anything particularly new to the conversation, but
your latest email does help explain the client's desires better.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users