Shibboleth v3 idp with ADFS

Simon Lundström simlu at
Tue Apr 12 06:49:26 EDT 2016

On Mon, 2016-04-11 at 13:38:49 +0000, Cantor, Scott wrote:
> > Has anyone set up something similar? Can one shibboleth idp instance also
> > act as a sp to authenticate, or would it be possible to for example run
> > another instance of shibboleth or IIS in front of the idp to protect those
> > pages, and somehow pass the authenticated username through?
> Shibboleth isn't well suited to that scenario, the IdP is not an SP. You would have to set up an SP yourself in front of it and do some work to proxy the data.

We have set it up the other way around: ADFS acts as the "proxy SP" and
translates from SAML2 into ADFS Claims and WS-things.

I don't have the links handy but I'm sure we pretty much just followed
Microsoft's guides on TechNet.

- Simon


Simon Lundström
Section for Infrastructure

IT Services
Stockholm University
SE-106 91 Stockholm, Sweden
