Random authentication question

[Nate Klingenstein]

Rob,

> Instances boot from generic images, but admins can configure default boot strapping actions

Bootstrapping, user interfaces, and API’s are generally pretty customized to the deployment environment.  Some of these are federated identity aware; some aren’t.  I’m not aware of any running Shibboleth as a service provider, but the two largest providers both maintain basic documentation on interoperability with Shibboleth.

> Is there any role for Shibboleth for logging into cloud instances?

You may be interested in the PAM modules that have been written.  SPNEGO support is out there, too.

Beyond that, it’s ultimately a question of what the server and the clients you care about support.  You can shoehorn SAML into almost any implementation or protocol if you’re willing to get ugly enough and you don’t care about strongly binding tokens to clients.  After all, bearer tokens are bearer tokens...

Hope this helps,
Nate.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160429/13abfa60/attachment.html>