shibboleth vs those "other" idps

IAM David Bantz dabantz at
Thu May 14 13:01:25 EDT 2015

Thanks Rob.

I long for such analysis as well.  As an institution using Banner that has
embraced SSO and ironically deployed no less than 5 non-interoperating SSO
solutions, Ellucian's announced EIS (our 6th SSO?) is currently sucking a
lot of oxygen from the room.

On Thu, May 14, 2015 at 8:37 AM, Rob Gorrell <rwgorrel at> wrote:

> Our school doesn't have a long standing, deeply entrenched history with
> SSO... our first foray only a few years back with a Shibb 2.x IdP. But
> since, we have grown our SSO presence and built a dependency on SAML
> becoming a moderate sized shop. As SSO becomes common part of our
> vocabulary, I've seen a lot more requests to integrate with apps and
> services that aren't always SAML-friendly... a lot of vendors are now
> shopping their idp of choice to match their product's SSO integration.
> Lately, it seems like everything wants to be an IdP (Ellucian EIS,
> Netscalar/BigIP, Okta, AzureAD, etc) and many of these solutions come with
> baked-in multi-protocol support (SAML, WS-Fed, CAS, etc) marketing
> themselves as truly agnostic SSO solutions.
> What I'm being asked more and more these days is to justify the choice of
> staying with shibb being that it is largely centered around SAML (and CAS
> thanks to v3.0). That if we were to pick one these others that support the
> long list of integrations, we could onboard more services without having to
> evangelize SAML.
> So I was hoping you guys might be able to help me collect and organize my
> thoughts on what sets the shibb IdP aside from the growing number of
> generic players that have joined the game. What principally does shibb do
> very well that the others don't? I think most of the argument evolves
> around the word "federation" and metadata management, but I figure I'd ask
> those much more knowledgeable about the subject to arm me with a little
> more ammo than I'm carrying today.
> Thanks,
> -Rob
> --
> Robert W. Gorrell
> Systems Architect, Identity and Access Management
> University of NC at Greensboro
> 336-334-5954
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list