Overview
The concept of delegated SAML authentication is similar to proxy CAS, where a delegate is able to authenticate and act on behalf of a user. This type of authentication is needed for portlets, which need to authenticate on behalf of the portal's user to a downstream application.
For a more detailed explanation of details and interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.
Configuring uPortal to provide SAML Assertion to Portlets
...
To get delegated SAML Authentication working the following steps are required:
- Configure the IdP
- Configure uPortal's SP
- Configure uPortal to pass the SAML Assertion to portlets
- Then depending on your specific need for delegated authentication
Steps 1 & 2 are Shibboleth specific and questions related to those steps should be directed to the shibboleth-users email list.