Solicited and Unsolicited

Lohr, Donald lohrda at
Thu Apr 4 16:35:54 EDT 2019

Thanks everyone for your time on this.

On 4/3/19 12:49 PM, Lohr, Donald wrote:
> We currently have 3 SP's that support two auth models that I will 
> refer to as "Solicited" and "Unsolicited".
> Solicited: Using the SP url, user is redirected to our IdP federated 
> login page where our user would enter their loginID and password.
> Unsolicited: Our users can login to another (on-prem) application, 
> click a link and "leap-frog" (if you will) to one of these three SPs 
> using an encrypted secret (which is an agreed SAML response).
> My questions:
> Say we have an application that only does LDAP auth (like a portal of 
> sorts that does not use our IdP).  Is it possible for that application 
> to send an unsolicited SAML response to our Shibboleth IdP (an agreed 
> to response) that could be processed by the IdP as if the user did the 
> normal solicited login?  At which point, could the normal "flow" (if 
> you will) happen: 1) the user's loginID would be looked up in the LDAP 
> directory for the required attributes 2) processed by the filter & 
> replying party configuration 3) a normal SAML response generated 4) 
> the user redirected to the said SP?
> thx,
> D

More information about the users mailing list