Shibboleth Developers

[Olivier Salaün - CRU <>]

I'm going on with this thread that Bob Morgan initiated two years ago with apparently no acceptable solution adopted : https://mail.internet2.edu/wws/arc/shibboleth-dev/2002-11/msg00017.html

It appears to be a major GUI issue on the WAYF side because the average user doesn't know anything about the underlying HTTP redirections and the effect cookies have on them.

I can think of two ways for providing him a way to get out of this uncomfortable situation :

1. Provide a "back to the WAYF" link in all error pages on the IdP side. The WAYF would be contacted with parameters disabling the "remember my previous choice" behavior.
2. Make the WAYF detect repeated attempts of the user. The WAYF could disable the "transparent redirection" if the user contacts the WAYF, about the same SP, within a defined period of time (let's say 5 minutes)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature