Improving the Shibboleth Identity Provider User Experience
Time: 10/05/11 01:15PM-02:30PM
Some authentication attempts are known to "fail badly," with poor error messaging by the target Service Provider. Google Apps for Education has been identified as one example: conditions that can be defined in terms of the values of user attributes lead to a poor failure experience. Instead, when it is known that the user does not have access to Google Apps for Education, the IdP could abort the login process with a friendly error message or a redirection to an external website.
Privacy protections under FERPA provide another motivation for a more flexible login experience. Attribute values, in concert with service identities, could trigger an interstitial message about attribute release without blocking users who are willing to proceed. Acceptable Use and Password Policy enforcement are other examples that would benefit from a flexible login experience.
This presentation will explore an effort by the University of Wisconsin-Madison, in partnership with Unicon, to provide a flexible user experience in the Shibboleth Identity Provider 2.x, based on integration with Spring Web Flow. The ultimate goal is a configurable and extensible login experience based on user attributes and Service Provider metadata.
Speaker: Keith Hazelton, University of Wisconsin-Madison