shibboleth-dev - [Shib-Dev] ECP-IdP interaction
Subject: Shibboleth Developers
List archive
- From: Kobe <>
- To:
- Subject: [Shib-Dev] ECP-IdP interaction
- Date: Wed, 16 Mar 2011 15:18:47 -0700 (PDT)
I am trying to extend an ECP client implementation written by Jonathan Teller
(http://shibboleth.1660669.n2.nabble.com/Basic-auth-authentication-using-IdP-td6156219.html).
a) I read through the ECP profile in the SAMl2 profiles document and do not
understand how
to authenticate the principal with the IdP. My ECP client is a front for web
services that send
the credentials in basic auth headers. These services are not capable of
dealing with
a pfresentation based authentication mechanism. Hence the need for ECP. The
ECP client
would obtain the AuthnRequest from the SP and needs to send it to the IdP
for
authentication.
What I do not understand from the lines 814-818, lines 876-886 and lines
1089-1094
is how do I convey the credentials from the basic auth headers to the IdP as
a part
of the ECP-IdP dispatch of the SP-issued AuthnResponse.
b) Once the ECP client obtains the assertion from the IdP and the ECP client
has identified the
assertion consumer URL from SP's original message (lines 1052-1056), with
what protocol
(HTTP-GET or PUT) do I convey the
assertion to the SP and obtain the SP-specific session token?
Any explanations greatly appreciated...
/K
--
View this message in context:
http://shibboleth.1660669.n2.nabble.com/ECP-IdP-interaction-tp6179090p6179090.html
Sent from the Shibboleth - Developers mailing list archive at Nabble.com.
- [Shib-Dev] ECP-IdP interaction, Kobe, 03/16/2011
- Re: [Shib-Dev] ECP-IdP interaction, Scott Lowery, 03/16/2011
- RE: [Shib-Dev] ECP-IdP interaction, Cantor, Scott E., 03/16/2011
Archive powered by MHonArc 2.6.16.