Confirmation required on a Mobile SSO design

Confirmation required on a Mobile SSO design

ashokvijayakumar
Hi Team,

On my project we are making a POC for Mobile Single Sign-On; the technology stack is as below:

Identity Provider - Shibboleth {Authentication of user with JAAS Module}

Service Provider - Amazon Web Services will be hosting our REST services.

We decided to authenticate the users of the mobile application using the Shibboleth ECP endpoint.

We will configure the IdP session timeout to 6 months.

After the user has been authenticated with the Shibboleth ECP endpoint for the first time with the user name and password, subsequent authentication will be via the Shibboleth cookie received during the first authentication.

We are planning to make these subsequent authentication requests with the Shibboleth cookie until the IdP session expiry time.

It would be of great help if somebody could advise whether this approach holds good and, if it does not, give a detailed explanation of the disadvantages of the approach, which will help us to move over to a different approach for designing Mobile SSO.

Thanks,
Ashok Vijayakumar.





--
To unsubscribe from this list send an email to [hidden email]

Re: Confirmation required on a Mobile SSO design

Cantor, Scott E.
On 12/29/17, 12:03 PM, "dev on behalf of Ashok Vijayakumar" <[hidden email] on behalf of [hidden email]> wrote:

> It would be of great help if somebody could advise whether this approach holds good and, if it does not, give a detailed
> explanation of the disadvantages of the approach, which will help us to move over to a different approach for designing
> Mobile SSO.

I've already told you that it's not. ECP is meant to be used to issue SAML assertions to give to other services, not as a substitute for an authentication service that does nothing but validate credentials. It's a waste of your time to deploy Shibboleth to do something that rudimentary.

-- Scott

