how to use an automated user agent to talk to a shibboleth SP

Andrew Ragusa aragusa at
Wed Apr 23 13:50:31 EDT 2014

Hi Scott

That was pretty much the response I expected.  I just wanted to verify
that we were not missing anything before I go off and attempt to figure
out how to do all of the ECP parts.

Thanks again
A.J. Ragusa

On 4/23/14 1:46 PM, Cantor, Scott wrote:
> On 4/23/14, 1:25 PM, "Andrew Ragusa" <aragusa at> wrote:
>> I'm looking to have an automated script pull data from a shibboleth
>> protected web-service.  Does anyone have examples on a robust mechanism
>> for this?  We have lots of people using their own IdP to talk to our SP
>> and so want something that will mostly just work for everyone, or most
>> users.
> No such thing unless you limit the interface to the IdP. The defined way
> to expose an HTTP service but use SAML is the ECP profile, but most IdPs
> don't support it. Likewise, anything else would be screen scraping and
> necessarily specific to some IdP(s).
> If you're looking for tools that can help navigate a typical form-based
> login, then webisoget from Jim Fox is one such.
> But from the perspective of exposing a service in a formally supported
> sense, allowing for SAML usage, the answer is ECP.
> -- Scott
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list