Login box (embedded in external portals outside IdP)
paw.pogoda at gmail.com
Fri May 9 02:08:15 EDT 2014
I have tried to make authentication on client1 side (of course it's
possible), but I don't know what request should I send to IdP only to
create session cookie in right domain - there is no such API or at least I
was not able to find it. I know that the problem which I try to resolve is
not typical. I hope that I'll be able to convience client to use standard
out of the box solution.
2014-05-08 18:00 GMT+02:00 Ian Rifkin <irifkin at brandeis.edu>:
> but the problem is with top bar login which is on all public pages - we
>> are not able to "simulate" this on IdP side.
> Okay, now we're getting at the root of your requirements. So what you're
> saying is they have a form that appears on all pages that allows you to
> type in your username and password (not a link to a login form)?
> e.g. Instead of a login button at the top like http://wordpress.com/ they
> want input fields like viewing a Facebook page not logged in?
> As people have said, that isn't the way an IdP is meant to work,* if*you're having the IdP handle the authentication.
> The only way I can think to make that work is if the SSO piece is handled
> through that and when they click to login it does the authentication
> *before it hits the IdP* (e.g. setting the username to REMOTE_USER) then
> redirecting to the IdP not for authentication, but just to do whatever
> lookup of information you need on the user before the authorization happens.
> I don't think I'm adding anything particularly new to the conversation,
> but your latest email does help explain the client's desires better.
> Take care,
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users