_idp_spnego_autologin

Martin Haase Martin.Haase at DAASI.de
Mon Jun 22 06:40:00 UTC 2020 

Thanks Daniel for the clarification!

Martin

Am 18.06.20 um 11:33 schrieb Daniel Lutz:
> Martin Haase schrieb/wrote (18.06.20 09:36):
>> we noticed that the SPNEGO autologin cookie name in user-prefs.vm is
>> "_idp_spnego_autologin", whereas the Wiki still had idp_krb_enabled. Any
>> objections to have it changed?
> Thanks for the contribution.
>
> The meaning of this cookie is not the same as the "auto-login" cookie.
> Unfortunately, the example doesn't clarify this.
>
> I've just added a clarifying comment to the example on the V4 page, including
> an example for user-prefs.vm:
> https://wiki.shibboleth.net/confluence/display/IDP4/SPNEGOAuthnConfiguration#SPNEGOAuthnConfiguration-ConfigurationofanActivationCondition
>
> The origin of this example is the implementation of the "Kerberos Login Handler"
> for the V2 IdP. That one supported enabling/disabling or showing/hiding the
> SPNEGO login via the user interface. We decided not to implement this feature
> in the new implementation for V3/V4, but let the deployer configure whatever
> is required for the organisation. (But "auto-login" is a built-in feature
> of the flow.)
>
>> Furthermore, SPNEGOAutoLoginManager.java still uses another cookie name,
>> "_shib_idp_SPNEGO_enable_autologin". Could we also switch to this one,
>> adding a note in the Wiki that user-prefs.vm better had
>> _shib_idp_SPNEGO_enable_autologin? Or is there a functional difference?
> SPNEGOAutoLoginManager.java actually uses the cookie name "_idp_spnego_autologin"
> The value "_shib_idp_SPNEGO_enable_autologin" is a form parameter used in
> the SPNEGO login flow. If the corresponding checkbox is enabled on the login
> page, the flow will set the cookie "_idp_spnego_autologin" (only) if the
> SPNEGO login was successful.
>
>
>   Daniel

-- 
Dr. Martin Haase, Solutions Engineer

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                
Germany                    

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: martin.haase at daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz

More information about the users mailing list