Ian Rifkin irifkin at brandeis.edu
Thu May 8 12:00:40 EDT 2014


> but the problem is with top bar login which is on all public pages - we are
> not able to "simulate" this on IdP side.

Okay, now we're getting at the root of your requirements. So what you're
saying is they have a form that appears on all pages that allows you to
type in your username and password (not a link to a login form)?

e.g. Instead of a login button at the top like http://wordpress.com/ they
want input fields like viewing a Facebook page not logged in?

As people have said, that isn't the way an IdP is meant to work, *if*
you're having the IdP handle the authentication.

The only way I can think to make that work is if the SSO piece is handled
through that and when they click to login it does the authentication
*before it hits the IdP* (e.g. setting the username to REMOTE_USER) then
redirecting to the IdP not for authentication, but just to do whatever
lookup of information you need on the user before the authorization happens.

I don't think I'm adding anything particularly new to the conversation, but
your latest email does help explain the client's desires better.
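As an added illustration of the arrangement sketched in this reply (it is not code from the poster, the list, or any IdP project): a minimal WSGI front end in which the top-bar form authenticates the user, issues a signed session cookie, and then, only for requests to the IdP path, translates that cookie into REMOTE_USER before the request reaches the IdP. The IdP therefore never handles the password; it only consumes the identity the front end already established, the way a remote-user login flow expects. The paths (/topbar-login, /idp/login), the credential store, the signing key and the stub IdP application are constructed assumptions for the example.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie
from io import BytesIO
from typing import Optional
from urllib.parse import parse_qs

IDP_PREFIX = "/idp/"            # hypothetical mount point of the IdP behind this front end
IDP_ENTRY = "/idp/login"        # hypothetical IdP page the browser is sent to after login
LOGIN_PATH = "/topbar-login"    # where the top-bar form on every public page posts to

# Constructed secrets and credential store (stand-ins for a real key and directory).
SESSION_KEY = b"constructed-session-signing-key"
_SALT = b"constructed-salt"


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, _pbkdf2("correct horse", _SALT))}


def verify_password(username: str, password: str) -> bool:
    """Check a credential against the constructed store; hash even for unknown users."""
    rec = USERS.get(username)
    salt, expected = rec if rec else (_SALT, b"\x00" * 32)
    return hmac.compare_digest(_pbkdf2(password, salt), expected) and rec is not None


def make_session(username: str, now: Optional[int] = None) -> str:
    """Session value 'username|expiry|hmac', signed so the IdP-facing hop can trust it."""
    if "|" in username:
        raise ValueError("username must not contain the field separator")
    exp = (now if now is not None else int(time.time())) + 600
    payload = f"{username}|{exp}"
    sig = hmac.new(SESSION_KEY, payload.encode(), "sha256").hexdigest()
    return f"{payload}|{sig}"


def session_user(value: str, now: Optional[int] = None) -> Optional[str]:
    """Return the username from a valid, unexpired session value, else None."""
    try:
        username, exp, sig = value.split("|")
    except ValueError:
        return None
    good = hmac.new(SESSION_KEY, f"{username}|{exp}".encode(), "sha256").hexdigest()
    if not hmac.compare_digest(good, sig):
        return None
    if int(exp) < (now if now is not None else int(time.time())):
        return None
    return username


def front_end(idp_app):
    """WSGI wrapper: the top-bar form posts here; IdP requests get REMOTE_USER from the session."""
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path == LOGIN_PATH and environ.get("REQUEST_METHOD") == "POST":
            n = int(environ.get("CONTENT_LENGTH") or 0)
            form = parse_qs(environ["wsgi.input"].read(n).decode())
            user = form.get("username", [""])[0]
            if verify_password(user, form.get("password", [""])[0]):
                cookie = f"fe_session={make_session(user)}; HttpOnly; Secure; Path=/; SameSite=Lax"
                start_response("302 Found", [("Location", IDP_ENTRY), ("Set-Cookie", cookie)])
                return [b""]
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"login failed\n"]
        if path.startswith(IDP_PREFIX):
            cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
            user = session_user(cookies["fe_session"].value) if "fe_session" in cookies else None
            if user is None:
                # No trusted session: send the browser back to a public page with the top bar.
                start_response("302 Found", [("Location", "/")])
                return [b""]
            environ["REMOTE_USER"] = user   # the identity a remote-user IdP login flow consumes
        return idp_app(environ, start_response)
    return app


def stub_idp(environ, start_response):
    """Stand-in for the IdP: merely echoes the identity it was handed."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"IdP sees REMOTE_USER={environ.get('REMOTE_USER')}\n".encode()]


def run(app, method, path, body=b"", cookie=""):
    """Drive the WSGI app once; return (status, headers dict, body bytes, environ)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": BytesIO(body), "HTTP_COOKIE": cookie}
    out = {}

    def start_response(status, headers):
        out["status"], out["headers"] = status, headers
    data = b"".join(app(environ, start_response))
    return out["status"], dict(out["headers"]), data, environ


if __name__ == "__main__":
    app = front_end(stub_idp)
    status, hdrs, _, _ = run(app, "POST", LOGIN_PATH, b"username=alice&password=correct+horse")
    print(status, "->", hdrs["Location"])
    cookie = hdrs["Set-Cookie"].split(";")[0]
    print(run(app, "GET", IDP_ENTRY, cookie=cookie)[2].decode().strip())
```

The point the example makes concrete is the one in the reply: the password is consumed by the front end, and the only thing crossing into the IdP is an already-established identity. Whether the IdP accepts a REMOTE_USER set this way, and what it then does with it (attribute lookup, session creation), is the IdP's configuration, not something the top-bar form can simulate on its own.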

