authnContextClassRef for a specific url
Idar Borlaug
idar.borlaug at gmail.com
Mon Jun 1 05:04:52 EDT 2015
I can handle that in my application, and redirect them to shibboleth logout
url.
will redirecting to this url work, if its logged in with the wrong level?
https://yoursite.com/Shibboleth.sso/Logout?return=https://yoursite.com/highsecurity
On Mon, Jun 1, 2015 at 10:58 AM Peter Schober <peter.schober at univie.ac.at>
wrote:
> * Idar Borlaug <idar.borlaug at gmail.com> [2015-06-01 10:48]:
> > I have full control over the page returned if the wrong login is used, i
> > check the attributes in my application.
> >
> > Would a javascript redirect to logout url with redirect to the same page
> be
> > a good solution?
> > 403 page -> redirect to shibboleth.logout?url= same url
>
> I don't see how your JavaScript code would have access to the fact
> that the requested authnContextClass was not in the SAML respons, but
> that's your problem if you want to make this into a browser scripting
> issue.
> More importantly this would only change the second ("future") part of
> your issue, not the one you asked about: Anyone coming to the
> protected resource with a valid session for that Shib SP and path
> (e.g. from accessing other content first, or from IDP-initated SSO)
> would not run into a HTTP 403.
> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
Idar Borlaug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150601/7052e6ff/attachment.html>
More information about the users
mailing list