Shibboleth IdP Authenticaiton requirement / design confirmation for authentication of Mobile User authentication

Ashok Vijayakumar ashok.vijayk at gmail.com
Mon Dec 25 16:38:58 EST 2017


Hi Team,

We  worked on developing the authentication of users of web application
using Shibboleth IdP login page.

Now our Customer requirement was to extend this authentication mechanism to
the Mobile Users using Shibboleth IdP login page.

Our requirement list as below,

1) Users of Mobile Application needs to be authenticated using Native
Application web view by loading the Shibboleth IdP login page (ios,
Android, ODS runtime).
2) Users of Mobile Application should be authenticated via web view only
once, and next the same user should be authenticated only after six months.

Please validate the following design decisions for the above said
requirement,

1)  Designing the user authentication via Shibboleth IdP login page loaded
on to the native application web view and the  subsequent authentication
should be via Shibboleth ECP End point using the Shibboleth IdP Session
cookie stored on the browser , and here the default browser of the native
application used by the web view.  Is this valid ?  If not valid what is
the alternative to achieve this?

2)  Designing the shibboleth session time out configuration as below,
idp.session.timeout=PT4320H
idp.authn.defaultLifetime=PT4320H
idp.authn.defaultTimeout=PT259200M
Kindly validate the configuration if shibboleth is not supporting the
same, what
is the alternative to achieve force authentication of user once in six
months for mobile applicaiton?
3) Can the user authenticated via Shibboleth login page be logged out via
Shibboleth logout ECP end point with the Shibboleth IdP Session cookie?
4) Can the same instance of Shibboleth Server configured with different IdP
Session time out configuration one for web and other one for mobile? Kindly
confirm , if not possible what is the alternative?i?
Thanks,
Ashok Vijayakumar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20171225/a0b3a598/attachment.html>


More information about the users mailing list