Shibboleth IdP configuration with simplified backend

Cantor, Scott cantor.2 at
Wed Apr 30 11:50:30 EDT 2014

On 4/30/14, 11:18 AM, "Marek Denis" <marek.denis at> wrote:
>@Kevin - ECP on is a great news. I will not have to spend
>time on my own IdP (which i don't really need).

I don't know if the IdP has it enabled, what Kevin specifically mentioned
was the SP.

>Now, since some people started mentioning different authn mechanisms -
>is HTTP Basicauth a most popular authn mechanism with user/password
>involved? Doesn't ECP itself include some authn mechanism?

No, ECP is SOAP over HTTP, which means authentication is left to SOAP or
HTTP. That includes a hundred or more possibilities. The only conceivable
common denominator is basic-auth and client TLS.

>And lastly, my initial question concerned backends sitting behind IdP.
>So, as I needed a very simple IdP I was asking if there are other
>configs/plugins for setting up Shibboleth IdP with something but LDAP
>underlying. LDAP is probably not very easy to setup and configure,
>especially given the fact I have never done this before :-)

Kerberos is certainly easier.

-- Scott

More information about the users mailing list