Integrate 3rd party as one more Identity Provider

Surinaidu Majji pioneer.suri at
Mon May 4 02:12:26 EDT 2015

We have integrated shibboleth web sso into our application to authenticate
the user, The below is the process

According to shibboleth idp, the unauthenticated user is redirects to
login.jsp from idp using "ExternalAuth"(PasswordProtected) authentication
method in "handler.xml"
-  Once the user enters the username and password, the page is going to our
and authenticates the user is valid or not.
- Once the user is authenticated against database which is in external Idp,
the request will send to the
"AuthenticationEngine.returnAuthentication(request, response)".
- Based on this SAML response will be received at Service Provider, Based
on tnis the user can access the requested resource.
In the above process we have customized the following components:
 a) Service Provider - We are not using SP from Shibboleth, Here Service
Provider is our own component which fullfill our reuirement.
 b) Idp - We have customized idp as per our requirement which will have
linking with the our own database.

Now we have the precious requirement which is explained below.

We have a "Third Party" which will have its own database and authentication
service. Because of the following components i am assuming the 3rd party as
one more "IDP" like shibboleth Idp.
 1) "Third Party" will give its own "login.jsp" if the user accessed the
application is not authenticated.
 2) It has its own database to authenticate the credentials entered in the
login page.
 3) It will give the "Token" and required user information once the user is
authenticated at Database.
 4) The token will be stored at application side(SP) to identify the user
when he access the application second time without going to Third Party idp.

That's why i am calling "Third Party" as an "IDP" which is similar to
Shibboleth Idp. Is my assumption correct? Please correct me if i am wrong.

If the third party is confimed as an IDP, Can i use "discover service" to
integrate "Third Party" in the existing application(Shibboleth SSO)
If i have to use the "discover service" to discover Idp(shibboleth or Third
party), What is the main purpose of using "discovery Service", except
finding which Idp it should redirects to authenticate.If it is the case, we
can write our own discovery service, why to use shibboleth discovery?Please
confirm my understanding.

- If "third Party" is not considered as an Idp" how to integrate third
party in our current application.

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list