Shibboleth / IdP Skinned Authentication

So far it appears that to get good adoption of centralized SSO via SAML/Shibboleth we will be forced to abandon the security best practice of a recognizable authoritative login window/page/process. We need to look at how to extend the existing Shibboleth IdP to support skinned login pages for different SPs.

​https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPassLoginPage

After initial analysis this could be done is Java Server Pages, by leveraging the idpui tags, or by developing our own login handler in Java based on the provided default login handler.

​https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDevExtLoginHandler

It appears that the simplest solution may be to leverage JSPs. The most elegant solutions appears to be our on login handler.