Solicited and Unsolicited
lohrda at jmu.edu
Thu Apr 4 16:35:54 EDT 2019
Thanks everyone for your time on this.
On 4/3/19 12:49 PM, Lohr, Donald wrote:
> We currently have 3 SPs that support two auth models that I will
> refer to as "Solicited" and "Unsolicited".
> Solicited: Using the SP URL, user is redirected to our IdP federated
> login page where our user would enter their loginID and password.
> Unsolicited: Our users can log in to another (on-prem) application,
> click a link and "leap-frog" (if you will) to one of these three SPs
> using an encrypted secret (which is an agreed SAML response).
> My questions:
> Say we have an application that only does LDAP auth (like a portal of
> sorts that does not use our IdP). Is it possible for that application
> to send an unsolicited SAML response to our Shibboleth IdP (an agreed
> to response) that could be processed by the IdP as if the user did the
> normal solicited login? At which point, could the normal "flow" (if
> you will) happen: 1) the user's loginID would be looked up in the LDAP
> directory for the required attributes 2) processed by the filter &
> replying party configuration 3) a normal SAML response generated 4)
> the user redirected to the said SP?