ADFS Shibboleth question

Cantor, Scott cantor.2 at
Thu Apr 3 11:20:30 EDT 2014

On 4/3/14, 11:06 AM, "Qian, Yi" <yqian at> wrote:

>After ADFS is set up, we will have 2 IdPs, a Shibboleth IdP and an ADFS IdP.
>The Shib IdP will use CAS authentication against Sun/Oracle LDAP; ADFS will
>authenticate against AD.
>The requirement at the university is that a user can authenticate against
>either of the IdPs and is not required to log in again.

You cannot meet that requirement with the above choices.

>The puzzle here is, after a user logs in against ADFS and then accesses Shib-CAS
>protected resources, how can Shib intercept the SAML assertion issued by

It can't. You're being asked for the impossible, and your diagram will
have to change or the requirements will.

-- Scott
