Solicited and Unsolicited
Lohr, Donald
lohrda at jmu.edu
Wed Apr 3 12:49:02 EDT 2019
We currently have 3 SPs that support two auth models that I will refer
to as "Solicited" and "Unsolicited".

Solicited: Using the SP URL, the user is redirected to our IdP federated
login page, where our user would enter their loginID and password.

Unsolicited: Our users can log in to another (on-prem) application, click
a link and "leap-frog" (if you will) to one of these three SPs using an
encrypted secret (which is an agreed SAML response).

My questions:

Say we have an application that only does LDAP auth (like a portal of
sorts that does not use our IdP). Is it possible for that application
to send an unsolicited SAML response to our Shibboleth IdP (an agreed-to
response) that could be processed by the IdP as if the user did the
normal solicited login? At which point, could the normal "flow" (if you
will) happen: 1) the user's loginID would be looked up in the LDAP
directory for the required attributes, 2) processed by the filter &
relying party configuration, 3) a normal SAML response generated, 4) the
user redirected to the said SP?

thx,
D
--
D o n a l d L o h r
I n f o r m a t i o n S y s t e m s
J a m e s M a d i s o n U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
DOS: Bad command or file name
bash: command not found