Shibboleth Service Provider Work Tasks Before Returning is Authenticated

Question

I am working on project where I want to use Shibboleth's Service Provider to allow customer to sign on to my application using their external identity. The trick is that I want to use my own specific Session Service and Interceptor that checks authentication instead of using Shibboleth for this.

So the essentially the workflow would be.

Customer is redirected from my Website to their specific IDP and signs in.
An authentication request comes from the external IDP to my Shibboleth SP.
After my Shibboleth SP decodes the request, I want to extract the incoming identification information(UUID) from the request, which I will map to my own internal ID (by call my own internal linking service) and create a session for the customer using my own SessionService.
After the Linking service is called and the Session is created then I want to redirect the customer to the logged in page (just return a 302), if any of the aforementioned failed I want to return a 401.

So I only want to use Shibboleth to determine who the customer is, but I will use my own specific session and I will use my own specific interceptor (which will check that session) to protect resources.

My questions are.

Do I even need Shibboleth for this use case? Cannot I not just have an external service that takes in incoming SAML request decodes it and does what I want. I don't exactly understand what I get from the Shibboleth Service provider.
How would I get my Shibboleth SP to execute these conditional tasks (checking the account linking, and create my own session) before returning to the customer that they are authenticated.

Thanks in advance for the help.

Shibboleth Service Provider Work Tasks Before Returning is Authenticated

Answers (1)

Related Questions