Shibboleth Developers

["Spencer W. Thomas" <>]

Scott Cantor wrote:
> The only comment I'll make is that for SAML 2.0, you *really* don't want to
> be building the request yourself. Linking to the IdP's SSO would be replaced
> by a link back to your SP's SessionInitiator. You can do this now, in fact.
>   
And, that's what I am doing.  I actually have two levels of "session
initiator".  My "/start-session" URL is designed to act as a landing
point for initiating a JSTOR session, and will forward the user directly
to JSTOR if they're already authorized (from the same IdP), or to the DS
if they're not.  From the DS, they are forwarded to the Shibboleth
SessionInitiator URL if they choose a Shibbolized organization.

=S