Daniel Gay
2014-08-15 15:26:51 UTC
Requesting community's thoughts on best approach for following scenario:
I have an SP configured to protect several domains (each representing a
different application) and also an IDP configured with an external login
handler. Single sign-on works perfectly fine. I would like to add some
additional functionality on the IDP (all custom code that I am writing)
that would require a token be sent by the SP/protected app during the
authentication flow. What is the best way to make this token available to
my custom login handler?
To be more clear, here's what I'd like:
1. user goes to URL in browser https://myapp.mybiz.com/foo?token=abcd1234
2. SP intercepts and begins taking user through SSO flow
3. redirect occurs to IDP
4. IDP forwards request to configured login handler
5. login handler (custom Java code) somehow gets the token
It's step 5 that I'm unclear as to the best way to do that. The token
(well really, I'd like the whole URL) gets lost in the redirects, but I was
hoping that the original URL would be sent to the IDP and that I'd somehow
have that info available to my custom code.
Is this possible? Any thoughts or direction greatly appreciated.
Dan