1

I recently deployed a server and website that authenticates with my university's Shibboleth authentication system. Functionally, it works great. Aesthetically, there is much

When you go to the login page, the login page is redirected to the Shibboleth server's user authentication page. While it works, I would rather put username and password text boxes on my website and, on submission, pass those to Shibboleth.

Is it possible to use an alternate web form and have the information be passed to Shibboleth?

Brian

2 Answers

2

Having your own custom login form would defeat the point of using Shibboleth. It's meant to send your users to their IdP, which they can recognize as trustworthy and authenticate there, only then to delegate the authentication and authorization assertions to the service provider.

If you're unhappy with the look and feel of your federation WAYF or the institution IdP, talk to your federation or your IdP.

(As a side note, branding and look and feel for WAYFs and IdPs to improve the user experience was one of the topics talked about at the Federated Access Management (FAM10) conference: there will probably be new things coming in the UK federation if you're part of it.)

Bruno
  • Thanks Bruno! That makes complete sense, and I had not thought of it from that perspective. – Brian Oct 11 '10 at 11:22
0

On the off chance anyone does still want to use this approach, we've found this can be done, but it should be strongly evaluated for security (e.g. SSL encrypted throughout, local references as shown below).

  1. Call the client SSO directive with a specified redirect end point (e.g. /shib/protected/):

    https://acmesite.com/Shibboleth.sso/Login?target=%2Fshib%2Fprotected%2F

    a. This really can only be done through redirects since you start hitting CORS issues if you try to pull it off with AJAX or even JSONP

  2. Post using properly named elements

    <form id="login" action="https://sso-dev.acme.com/idp/Authn/UserPassword" method="post">
    <input class="form-element form-field" name="j_username" type="text" value="">
    <input class="form-element form-field" name="j_password" type="password" value="">
    <button class="form-element form-button" type="submit">Login</button>
    </form>

J. Lawson
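The two safeguards the answer above names (SSL throughout, local references) applied to the step 1 login URL, as an added example that is not part of the original answer. `isLocalTarget` and `buildLoginUrl` are hypothetical helper names, and the SP origin is taken from the answer's sample URL.

```javascript
// Added example: build the step-1 Shibboleth.sso/Login redirect so that
// `target` can only ever be a local path on the SP, served over HTTPS.
// SP_ORIGIN comes from the answer's sample URL; helper names are hypothetical.
const SP_ORIGIN = "https://acmesite.com";

// Accept only same-site paths such as "/shib/protected/".
function isLocalTarget(target) {
  if (typeof target !== "string" || target.length === 0) return false;
  // Must start with exactly one "/": browsers treat "//host" and "/\host"
  // as network-path references, which would leave the site.
  if (!/^\/(?![\/\\])/.test(target)) return false;
  // Backslashes and control characters are normalised inconsistently
  // by different URL parsers, so reject them anywhere in the value.
  if (/[\\\x00-\x1f\x7f]/.test(target)) return false;
  // Resolve against the SP origin and confirm nothing escaped it.
  let resolved;
  try {
    resolved = new URL(target, SP_ORIGIN);
  } catch {
    return false;
  }
  return resolved.origin === SP_ORIGIN;
}

// Return the login URL; an unsafe target is replaced by the fallback
// rather than passed through to the SSO handler.
function buildLoginUrl(target, fallback = "/shib/protected/") {
  const safe = isLocalTarget(target) ? target : fallback;
  const url = new URL("/Shibboleth.sso/Login", SP_ORIGIN);
  url.searchParams.set("target", safe); // percent-encodes "/" as %2F
  return url.toString();
}
```

Run the same check on the server that issues the redirect; a client-side check alone can be bypassed by requesting the login URL directly.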