> We have set it up the other way around: ADFS acts as the "proxy SP" and > translates from SAML2 into ADFS Claims and WS-things. Certainly an option, and it has that capability built in. Not to mention Shibboleth has a lot more pluggability wrt to authentication than ADFS does. -- Scott