Understanding flow / federation
bl at moch.dk
Mon Sep 24 11:28:05 EDT 2012
On 2012-09-24 17:05, Cantor, Scott wrote:
> Yes. You *cannot* do that with the stock IdP because the IdP is not
> also an SP. Our IdP and SP are two different code bases that have
> totally different target niches. Other implementations include both in
> one language/environment so they can be more easily glued together in
> one package.
Ok, that explain some of my confusion ...
I was expecting to make, what I thought was a federation (a group of
idP's holding each there own user base and auth method).
I had hoped that the idP would not care how to get the auth, as long as
it was a service it knew of.
So, I can only make make a federation using like 2 * MS ADFS2 and then
maybe use the shibboleth-sp to take care of the rest ? What one do not
do to get rid of the MS environment :-)
Thanks for letting me know !
More information about the users