By: hudson solomon user 22 Aug 2015 at 3:52 a.m. CDT

4 Responses
hudson solomon gravatar
I have a web application and configured with shibboleth service provider.Then i have created new relationship in gluu-server.When i click a login button in my application it redirects to gluu-server login page then user enters their credentials and redirect into my application home page.It's all works fine. Now I need a clarification from you if user enters username and password in my application and then authenticate with gluu-server ldap without gluu-server login page.(if i pass the user credentials in url). is it possible or not?

By Mohib Zico staff 22 Aug 2015 at 5:53 a.m. CDT

Mohib Zico gravatar
Not possible.

By hudson solomon user 22 Aug 2015 at 6:26 a.m. CDT

hudson solomon gravatar
Thanks Mohib.Is there any other way to do like that?If it is not possible then plz close this ticket.

By Mohib Zico staff 22 Aug 2015 at 9:44 a.m. CDT

Mohib Zico gravatar
There might be some custom solutions. You can discuss with Mike Schwartz, CEO. [Here]( is the call booking link.

By Michael Schwartz Account Admin 22 Aug 2015 at 12:26 p.m. CDT

Michael Schwartz gravatar
First of all, putting the credentials in the URL would be insecure. The best way to accomplish what you're trying to do would be to use OpenID Connect, which was designed to support mobile (i.e. non-web) applications where you can't redirect the person. In the [authentication request]( you can set "prompt=none" and "fulfill other conditions for processing" by sending the credentials. Some more links on OpenID Connect to consider. - [Slides ]( Mike Jones, Microsoft: - [Great overview]( from Travis Spencer (former ping CTO)t - Short [overview ]( OAuth2 v. OpenID Connect - Minimalist [blog]( from Nat Sakimura