Login box (embedded in external portals outside IdP)
Peter Schober
peter.schober at univie.ac.at
Fri May 9 02:38:39 EDT 2014
* Paweł Pogoda <paw.pogoda at gmail.com> [2014-05-09 08:08]:
> I have tried to make authentication on client1 side (of course it's
> possible), but I don't know what request should I send to IdP only
> to create session cookie in right domain - there is no such API or
> at least I was not able to find it.
Where authentication actually happens usually is not a question of
aesthetics or UX, but who issues and manages credentials on behalf of
subjects. That party should also be the only one asking for
credentials.
Now if you want client1 to both ask for the credentials and actually
verify those internally you can still create sessions on the IDP
using the ExternalAuthn login handler:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthExternal
-peter
More information about the users
mailing list