Delegated SAML Authentication

Overview

The concept of delegated SAML authentication is similar to proxy CAS, where a delegate is able to authenticate and act on behalf of a user. This type of authentication is needed for portlets that must authenticate to a downstream application on behalf of the portal's user.

For a more detailed explanation of the interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.

To get delegated SAML authentication working, the following steps are required:

  1. Configure the IdP
  2. Configure uPortal's SP
  3. Configure uPortal to pass the SAML Assertion to portlets
  4. Then, depending on your specific need for delegated authentication:
    1. Configure the Web Proxy Portlet with Delegated SAML Authentication
    2. Using the Delegated Authentication Integration Library in a custom portlet

Steps 1 & 2 are Shibboleth-specific, and questions related to those steps should be directed to the shibboleth-users email list.