Shibboleth v3 idp with ADFS

[LAKIN Paul]

Good Afternoon,

We are looking to move from shibboleth v2 to v3 and at the same time we would like to better integrate it with our MS ADFS system - at the moment the two are largely separate.

Our goal would be a single sign on experience between the two. Would anyone be able to offer any advice on how to go about this? In particular we would like to use shibboleth as the idp, but authenticating the user with ADFS instead of ldap. That is, the external resource would direct our user to login at shibboleth.staffs.ac.uk, and if the user was not already authenticated shibboleth would redirect the user to adfs.staffs.ac.uk. Once authenticated Shibboleth would provide the access token for the service provider.

Has anyone set up something similar? Can one shibboleth idp instance also act as a sp to authenticate, or would it be possible to for example run another instance of shibboleth or IIS in front of the idp to protect those pages, and somehow pass the authenticated username through?

I would appreciate any pointers!

Kind Regards,
Paul

Paul Lakin
Staffordshire University


________________________________

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160411/2174157a/attachment.html>