how to use an automated user agent to talk to a shibboleth SP

Cantor, Scott cantor.2 at
Wed Apr 23 13:46:48 EDT 2014

On 4/23/14, 1:25 PM, "Andrew Ragusa" <aragusa at> wrote:
>I'm looking to have an automated script pull data from a shibboleth
>protected web-service.  Does anyone have examples on a robust mechanism
>for this?  We have lots of people using their own IdP to talk to our SP
>and so want something that will mostly just work for everyone, or most

No such thing unless you limit the interface to the IdP. The defined way
to expose an HTTP service but use SAML is the ECP profile, but most IdPs
don't support it. Likewise, anything else would be screen scraping and
necessarily specific to some IdP(s).

If you're looking for tools that can help navigate a typical form-based
login, then webisoget from Jim Fox is one such.

But from the perspective of exposing a service in a formally supported
sense, allowing for SAML usage, the answer is ECP.

-- Scott

More information about the users mailing list