Securely passing

Michael A Grady mgrady at
Fri Dec 7 11:21:14 EST 2018

> On Dec 7, 2018, at 10:12 AM, Peter Schober <peter.schober at> wrote:
> * Howes, Nick <N.Howes at> [2018-12-07 16:49]:
>> Our v3 IdP delegates to our main proprietary login server through
>> the RemoteUser flow. This works fine but the login server only knows
>> that it's authenticating for the IdP and nothing about what relying
>> party the IdP is servicing, so we can't make any business decisions
>> on the login screen or even tell the user what they're signing in
>> to.
> I guess the External authn flow could do whatever you needed to?
> -peter
> -- 

Yes, Unicon's Shib-CAS-Authn3 extension for the IdP (using a separate CAS Server for the authentication) uses that ExternalAuthnConfiguration method, and indeed does pass the SP entityID across, so that can be done as Peter notes.

Michael A. Grady
IAM Architect, Unicon, Inc.
