Securely passing
Michael A Grady
mgrady at unicon.net
Fri Dec 7 11:21:14 EST 2018
> On Dec 7, 2018, at 10:12 AM, Peter Schober <peter.schober at univie.ac.at> wrote:
>
> * Howes, Nick <N.Howes at warwick.ac.uk> [2018-12-07 16:49]:
>> Our v3 IdP delegates to our main proprietary login server through
>> the RemoteUser flow. This works fine but the login server only knows
>> that it's authenticating for the IdP and nothing about what relying
>> party the IdP is servicing, so we can't make any business decisions
>> on the login screen or even tell the user what they're signing in
>> to.
>
> I guess the External authn flow could do whatever you needed to?
> https://wiki.shibboleth.net/confluence/display/IDP30/ExternalAuthnConfiguration
>
> -peter
> --
Yes, Unicon's Shib-CAS-Authn3 extension for the IdP (using a separate CAS Server for the authentication) uses that ExternalAuthnConfiguration method, and indeed does pass the SP entityID across, so that can be done as Peter notes.
--
Michael A. Grady
IAM Architect, Unicon, Inc.