Pass authentication to another application
Nate Klingenstein
ndk at sudonym.me
Mon Sep 17 17:13:08 EDT 2018
Rob,
It sounds like you want to basically act as an authentication proxy for the
other application. You'll certainly need to know what protocols they
support.
A conventional approach would be to run a Shibboleth IdP protected by your
Shibboleth SP that re-asserts the authentication information you received
from the Ping Federate IdP to the application using SAML 2.0 as the
protocol.
The actual link in your application could directly trigger an "unsolicited"
assertion of information and a destination landing page after the SAML
transaction has completed.
https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration
Or, you could link directly to their service and have it issue an
authentication request to your Shibboleth IdP, which would issue an
assertion in response. That is generally preferable.
Take care,
Nate.
On Mon, Sep 17, 2018 at 2:51 PM, Rob Brooks <rbrooks at biz-tech-solutions.com>
wrote:
> Hello, I use shibboleth SP to authenticate against a PING Federated IdP
> (not in my control) for my web application. I want to provide a link in my
> application that then passes this authentication on to another
> application. Can you help me to understand this process flow? The 3rd
> party application that needs authentication has its own SSO SP (not sure of
> product) and I have the ear of their developers and can suggest workflow.
> The Ping Federated server would be harder to implement change with.
>
> Thanks,
> Rob Brooks
>
>
>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180917/15d4072c/attachment.html>
More information about the users
mailing list