Delegated SAML Authentication
Overview
The concept of delegated SAML authentication is similar to proxy CAS, where a delegate is able to authenticate and act on behalf of a user. This type of authentication is needed for portlets, which need to authenticate on behalf of the portal's user to a downstream application.
For a more detailed explanation of the interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.
To get delegated SAML authentication working, the following steps are required:
1. Configure the IdP
2. Configure uPortal's SP
3. Configure uPortal to pass the SAML Assertion to portlets
4. Then depending on your specific need for delegated authentication
Steps 1 & 2 are Shibboleth-specific, and questions related to those steps should be directed to the shibboleth-users email list.