Need Help Configuring Shibboleth for Remote Auth
Cantor, Scott
cantor.2 at osu.edu
Fri Dec 11 13:07:45 EST 2015
On 12/11/15, 12:48 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>
>Not unless you have already integrated that authentication process with a web server. You can't just redirect over and back. That's SSO, that's a totally different kind of approach.
In point of fact, what you're trying to do is quite complex. You can't offload authentication from a web server entirely (the one running the IdP) without simply deploying another SSO protocol between the servers. That's not a simple or trivial thing to do, but if you really must do that, you'll probably want to use a scheme involving a simple shared secret and an HMAC to redirect a signed parameter containing the username back.
Having cooked up a scheme to do it, you can either write code outside the IdP (a filter) to populate REMOTE_USER or a header, and use the RemoteUser flow, or you can build a JSP or servlet and to mediate and use the External flow.
Those are your options.
-- Scott
More information about the users
mailing list