Shibboleth Developers

[Walter Hoehn <>]

Can't we just do some JNDI magic to allow the session data to span 
these contexts without re-directs?

-Walter


On Dec 13, 2004, at 6:40 PM, Howard Gilbert wrote:
> So now consider a logical application split into 
> http://dummy.yale.edu/part1
> and http://dummy.yale.edu/part2. Part 1 is the main entry point 
> written by
> one group to perform the main control functions, and part2 is a 
> secondary
> war file packaged by a second group to perform supplementary 
> functions. So
> the user comes into Part1 and logs on. In fact, there is a RequestMap
> definition for host, port, and directory mapped to applicationID=xxx
> requiring authentication. Some URL, however, directs the user from 
> Part1 to
> Part2, maybe to pick up a JPG file. This is a separate context, 
> separate
> instance of the Filter, separate HttpSession object, and probably 
> separate
> cookie scope (because we don't want to confuse
> http://dummy.yale.edu/completelydifferentapplication). Since the Filter
> (Resource Manager) has no history for this user, he thinks he has to 
> logon
> again. If the WAYF has a cookie, then it is certainly true we could 
> Redirect
> to the WAYF, AA, Post back to the SHIRE, and then come back to Part2. 
> Or, we
> could redirect to http://dummy.yale.edu/shibboleth/something and let it
> decide if there is already a ShibSession (for Part1) that is scoped to 
> be
> useable (say by being mapped by the RequestMap to the same 
> applicationID) to
> Part2. If so, then we go back to Part2 immediately and it can pick up 
> the
> attributes just as if there had been a new Shire POST.

Attachment: smime.p7s
Description: S/MIME cryptographic signature