Shibboleth v3 idp with ADFS
simlu at su.se
Tue Apr 12 06:49:26 EDT 2016
On Mon, 2016-04-11 at 13:38:49 +0000, Cantor, Scott wrote:
> > Has anyone set up something similar? Can one shibboleth idp instance also
> > act as a sp to authenticate, or would it be possible to for example run
> > another instance of shibboleth or IIS in front of the idp to protect those
> > pages, and somehow pass the authenticated username through?
> Shibboleth isn't well suited to that scenario, the IdP is not an SP. You would have to set up an SP yourself in front of it and do some work to proxy the data.
We have set it up the other way around: ADFS acts as the "proxy SP" and
translates from SAML2 into ADFS Claims and WS-things.
I don't have the links handy but I'm sure we pretty much just followed
Microsoft's guides on TechNet.
Section for Infrastructure
SE-106 91 Stockholm, Sweden