Discussion:
web apps to different IdP.
Emmett Culley
2014-10-13 22:39:20 UTC
Is it possible to set up a web server (Linux/Apache) to access a specific IdP for each directory protected by shibd? I assumed there would be a Shibboleth option for the location directive that would tell the app which IdP to contact for authentication, but nothing turns up in my searches.

Emmett
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Nate Klingenstein
2014-10-13 22:46:05 UTC
Emmett,

Yes, this is a common use case. See:

https://spaces.internet2.edu/display/NetPlusIDG/NET+Plus+Identity+Guidance+for+Services#NETPlusIdentityGuidanceforServices-1.1.NoUserInteraction

The Shibboleth options depend on where you're running the environment. For Apache:

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings

Thanks,
Nate.
Post by Emmett Culley
Is it possible to set up a web server (Linux/Apache) to access a specific IdP for each directory protected by shibd? I assumed there would be a Shibboleth option for the location directive that would tell the app which IdP to contact for authentication, but nothing turns up in my searches.
Emmett
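Added example, not part of the original thread or the Shibboleth project's own documentation: an Apache configuration that uses the `entityID` content setting from the NativeSPContentSettings page linked above to send each protected directory to its own IdP. The paths and IdP entityIDs are constructed placeholders, and it assumes mod_shib (Native SP 2.x) is loaded and that metadata for both IdPs is already configured in shibboleth2.xml.

```apache
# Added example: per-directory IdP selection with the Shibboleth Native SP (mod_shib).
# Paths and entityIDs are placeholders, not values from the thread.

# Requests under /app-a are sent straight to IdP A, bypassing discovery.
<Location /app-a>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    ShibRequestSetting entityID https://idp-a.example.org/idp/shibboleth
    Require valid-user
</Location>

# Requests under /app-b are sent straight to IdP B.
<Location /app-b>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    ShibRequestSetting entityID https://idp-b.example.org/idp/shibboleth
    Require valid-user
</Location>
```

The `entityID` setting only chooses where the login request is sent: a session already established with the other IdP under the same SP application still satisfies `requireSession` and `Require valid-user`. If access to a directory must be limited to users of one IdP, enforce that separately, for example by having the application check the `Shib-Identity-Provider` value the SP exposes.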
Emmett Culley
2014-10-14 13:06:29 UTC
Thanks Nate, that appears to be exactly what I was looking for.

Emmett
Peter Schober
2014-10-14 13:58:27 UTC
Post by Emmett Culley
Is it possible to set up a web server (Linux/Apache) to access a
specific IdP for each directory protected by shibd? I assumed there
would be a Shibboleth option for the location directive that would
tell the app which IdP to contact for authentication, but nothing
turns up in my searches.
Also note that you could choose to not do this at all, and let the
subject pick her IDP in an IDP discovery service of some sort. That
way the access URL is the same for everyone, saving you manual setup
(part or all of it, if you don't do authorization in the webserver),
save IDPs from communicating a specific access URL to their subjects,
and save subjects from having to know/remember that, instead they just
access the service at a well-known URL.
It all depends, of course.
-peter