Shibboleth Developers

[Chad La Joie <>]

This almost sounds like a use case for passive authentication...  I kept 
hoping Scott would be wrong that people didn't want to do that.  I 
should know better by now.

Spencer W. Thomas wrote:
> Scott Cantor wrote:
> > The only comment I'll make is that for SAML 2.0, you *really* don't want to
> > be building the request yourself. Linking to the IdP's SSO would be replaced
> > by a link back to your SP's SessionInitiator. You can do this now, in fact.
> >   
> And, that's what I am doing.  I actually have two levels of "session
> initiator".  My "/start-session" URL is designed to act as a landing
> point for initiating a JSTOR session, and will forward the user directly
> to JSTOR if they're already authorized (from the same IdP), or to the DS
> if they're not.  From the DS, they are forwarded to the Shibboleth
> SessionInitiator URL if they choose a Shibbolized organization.
>
> =S

--
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124