Shibboleth Developers

[Diomede Illuzzi <>]

We have a systems that offers contents (images or xml-based information) when it's contacted by HTTP/HTTPS GET request.

I'd like to integratethis system with the shibboleth authentication engine, so that when a request comes for a resource, the user is asked for shibboleth authentication, the problem I have is that I want also to get the image or xml file and apply some processing to it before releasing it to the client application. 

I've been trying to implement a servlet that acts as a proxy towards the system, that is intercepts the client request and pilots the saml authentication process that is triggered by the shibboleth sp. This is not easy, because the Sp, before releasing the resource, checks the presence in therequest of a particolar cookie that contains  a reference to the shibboleth/saml session).

Snooping the network traffic has not been enough to understand how to create this cookie, so I should do a carefull reverse engineering of both the idp and sp code.

Do you have any tip about this cookie, or an idea for an easier way to reach my goal?

Thanks