We have implemented back-channel authentication for WSO2 Cloud via extensions. It has certain limitations, but does the job it is supposed to do.

We need to add 1st class support for back-channel authentication to IS. Can we do it in IS 5.3.0? These are the two use cases:

A)
1. There are multiple web apps and also the IdP hosted on different sub-domains under the same domain (sp1.foo.com, sp2.foo.com, idp.foo.com).
2. All the web apps use federated login with the IdP.
3. The redirect to the IdP from any of the web apps is needed only if the user is not authenticated. Each web app, before redirecting the user to the IdP, does the back-channel authentication to check whether the user has a valid session.

B)
1. There are multiple web apps and also the IdP hosted on different sub-domains under the same domain (sp1.foo.com, sp2.foo.com, idp.foo.com).
2. None of the web apps use federated login with the IdP. Each web app has its login screen.
3. Each web app, before presenting the login screen to the user, does the back-channel authentication to check whether the user has a valid session.

Thanks & regards,
-Prabath

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
