work related

August 24, 2009

WAFless URLs

This post is inspired by a similar post on another blog I follow regularly.

I tend to think of these types of URLs as "generated" URLs or "code generated" URLs. In any case, what they do is define a path to your particular authentication source and back again to where you left off, but now with credentials.

Some of us here are still in the process of shibbing up our blogging platform. This is a slow back-burner type project, but nonetheless a fun one.

Authentication is no problem, as our blog software handles container auth properly. All that is or was needed is an actual shib module, defined in-house, that extends the container auth already present.

Digging deeper into the application, there are other places that need a login context, and this is where it becomes fun.

The comments section is just such a place. We want users to be able to comment both anonymously and using our preferred method of logging in. Again, this meant overriding the current methodology in the code and creating a shibbed version that does the same thing but with our fancy new URLs.

Since Shibboleth comes with the Login hooks to create a callback to the IdP, this was fairly straightforward, resulting in a URL that looks something like this:

https://your.host/Shibboleth.sso/Login?entityId=https://your.idp/idp-location&return=https://your.host/comment.cgi?lots_of_params

One thing to note is that the parameters inside the return URL coming back to shibd on your.host need to be properly percent-encoded, so that their own ?, & and = characters are not mistaken for the separators of the Login URL itself.
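As an added example (not code from the original post), here is how the Login URL above can be assembled in Python with the return target encoded as a single value, alongside the naive unencoded form, and how each is parsed on the SP side. The host, IdP and comment.cgi names are taken from the URL above; the comment parameters are constructed sample values.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Host and path names as in the post's example URL.
SP_HOST = "your.host"
IDP_ENTITY_ID = "https://your.idp/idp-location"
RETURN_PATH = "/comment.cgi"


def build_return_url(params):
    """The page the user left (comment.cgi) with its own query string."""
    return f"https://{SP_HOST}{RETURN_PATH}?{urlencode(params)}"


def build_login_url(params):
    """Correct form: the whole return URL is encoded as one value, so its
    '?', '&' and '=' survive as data rather than as outer separators."""
    outer = urlencode({"entityId": IDP_ENTITY_ID, "return": build_return_url(params)})
    return f"https://{SP_HOST}/Shibboleth.sso/Login?{outer}"


def naive_login_url(params):
    """Broken form: the return URL is pasted in unencoded, as in the post's
    literal example. Everything after its first '&' leaks into the outer query."""
    return (f"https://{SP_HOST}/Shibboleth.sso/Login?entityId={IDP_ENTITY_ID}"
            f"&return={build_return_url(params)}")


def parse_as_sp(url):
    """What shibd sees: split the outer Login query, then decode the nested
    return URL and its own parameters. Returns (entityId, return_url, return_params)."""
    outer = parse_qs(urlsplit(url).query)
    return_url = outer.get("return", [""])[0]
    return_params = parse_qs(urlsplit(return_url).query)
    return outer.get("entityId", [""])[0], return_url, return_params


if __name__ == "__main__":
    # Constructed sample parameters for the comment form.
    sample = {"post": "42", "action": "reply"}
    for label, url in (("encoded", build_login_url(sample)),
                       ("naive", naive_login_url(sample))):
        entity, ret, ret_params = parse_as_sp(url)
        print(f"{label}: return={ret!r} params={ret_params}")
```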