[adding architecture@] On Wed, May 4, 2016 at 11:04 PM, Prabath Siriwardana <[email protected]> wrote:
> We have implemented back-channel authentication for WSO2 Cloud via > extensions.. it has certain limitations - but does the job what it is > supposed to do. > > We need to add 1st class support for back channel authentication to IS. > Can we do it in IS 5.3.0? > > These are the two use cases... > > A) > > 1. There are multiple web apps and also the IdP hosted on different > sub-domains under the same domain (sp1.foo.com, sp2.foo.com, idp.foo.com) > > 2. All the web apps use federated login with the IdP. > > 3. The redirect to the IdP from any of the web apps only needed - only if > the user is not authenticated. Each web app - before redirecting the user > to the IdP - does the backchannel authentication to check whether the user > has a valid session. > > B) > > 1. There are multiple web apps and also the IdP hosted on different > sub-domains under the same domain (sp1.foo.com, sp2.foo.com, idp.foo.com) > > 2. None of the web apps use federated login with the IdP. Each web app has > its login screen. > > 3. Each web app - before presenting the login screen to the user - does > the backchannel authentication to check whether the user has a valid > session. > > Thanks & regards, > -Prabath > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
