Internet2 Fall 2011 Member Meeting


Improving the Shibboleth Identity Provider User Experience

Time: 10/05/11 01:15PM-02:30PM

Session Abstract

Some authentication attempts are known to "fail badly," with poor error messaging by the target Service Provider. Google Apps for Education has been identified as one example: conditions that can be defined in terms of user attribute values lead to a poor failure experience. In cases where it is known that the user does not have access to Google Apps for Education, the IdP could instead abort the login process with a friendly error message or a redirection to an external website.

Privacy protections under FERPA provide another motivation for a more flexible login experience. Attribute values, in concert with service identities, could trigger an interstitial message about attribute release without blocking users who are willing to proceed. Acceptable Use and Password Policy enforcement are other examples that would benefit from a flexible login experience.

This presentation will explore an effort by the University of Wisconsin-Madison, in partnership with Unicon, to provide a flexible user experience in the Shibboleth Identity Provider 2.x, based on integration with Spring Web Flow. The ultimate goal is a configurable and extensible login experience based on user attributes and Service Provider metadata.


Speaker: Keith Hazelton, University of Wisconsin-Madison

Speaker: William Thompson, Unicon


Secondary tracks Internet2 NET+ Services Middleware and Federations Middleware Focus on Federations Cyberinfrastructure
