ADFS Shibboleth question

Aaron Howell aaron.howell at
Fri Apr 11 19:47:28 EDT 2014

ADFS -> Shibboleth uses a secure protocol called SAML2. 

> "I have CAS, Shib and ADFS and all need to be
> IDPs, not subordinate to any other”
This doesn’t seem like a need. Seems like a case of we want seven red perpendicular lines, but we need them drawn with green and invisible ink, one in that shape of a cat.


On 12 Apr 2014, at 2:05 am, Peter Schober <peter.schober at> wrote:

> * Rupprecht, James R. <jimrupprecht at> [2014-04-11 18:00]:
>> One thing that was not in the original list of requirements
>> here... The end goal is to allow users who have already
>> authenticated using CAS/Shib to not have to reenter their
>> credentials again for ADFS. Both directories (Active Directory being
>> used by ADFS and LDAP being used by Shib) have identical user data
>> including the users' CNs and passwords so mapping between them
>> *should* be fairly straightforward. 
> It's not a mapping problem, but one of (lack of) a secure protocol for
> SSO between seperate software systems each wanting to authenticate the
> subject using username & password, and having no protocol (nor the
> possibility to proxy from one to the other) that specifies that
> securely.
> (At least commenting the "I have CAS, Shib and ADFS and all need to be
> IDPs, not subordinate to any other" part of that.)
> -peter
> --
> To unsubscribe from this list send an email to users-unsubscribe at

Important Notice: The contents of this email are intended solely for the named addressee and are confidential; any unauthorised use, reproduction or storage of the contents is expressly prohibited. If you have received this email in error, please delete it and any attachments immediately and advise the sender by return email or telephone.

Deakin University does not warrant that this email and any attachments are error or virus free.

More information about the users mailing list