How shibboleth idp verify existing session.
Divya Shirodkar
divya.shirodkar at gslab.com
Tue Mar 21 10:05:30 EDT 2017
Thanks for the reply,
I have added external flow as per this doc(
https://wiki.shibboleth.net/confluence/display/IDP30/ExternalAuthnConfiguration
)
try {
final String key =
ExternalAuthentication.startExternalAuthentication(httpRequest);
//do External Authentication
String username = httpRequest.getRemoteUser();
if (username != null) {
httpRequest.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY,
username);
}
ExternalAuthentication.finishExternalAuthentication(key, httpRequest,
httpResponse);
} catch (final ExternalAuthenticationException e) {
throw new ServletException("Error processing external authentication
request", e);
}
and my idp.properties file is having idp.authn.flow= Password|CustomFlow
and am able to do authentication via CustomFlow and till here everything
works fine.
Later when I hit another SP for the same flow(CustomFlow), it is asking for
credential rather then re-authentication internally.
So, basically I just want to know am I missing anything over here or do I
need to set anymore attributes before
ExternalAuthentication.finishExternalAuthentication(key, httpRequest,
httpResponse);
On Tue, Mar 21, 2017 at 7:16 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > So could you please tell me hows shibboleth verifies the existing session
> > which makes SSO work .
>
> This isn't about the session, it's a question of selecting authentication
> flows and determining when previous results are sufficient to satisfy a
> request. That's documented in the wiki.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170321/585f0149/attachment.html>
More information about the users
mailing list