ADFS Shibboleth question

Peter Schober peter.schober at
Fri Apr 11 12:05:37 EDT 2014

* Rupprecht, James R. <jimrupprecht at> [2014-04-11 18:00]:
> One thing that was not in the original list of requirements
> here... The end goal is to allow users who have already
> authenticated using CAS/Shib to not have to reenter their
> credentials again for ADFS. Both directories (Active Directory being
> used by ADFS and LDAP being used by Shib) have identical user data
> including the users' CNs and passwords so mapping between them
> *should* be fairly straightforward. 

It's not a mapping problem, but one of (lack of) a secure protocol for
SSO between separate software systems each wanting to authenticate the
subject using username & password, and having no protocol (nor the
possibility to proxy from one to the other) that specifies that.
(At least commenting the "I have CAS, Shib and ADFS and all need to be
IDPs, not subordinate to any other" part of that.)
