shib protected oauth providers?

Liam Hoekenga liamr at umich.edu
Thu May 4 09:47:44 EDT 2017


> There is an OIDC extension for Shibboleth [1] that allows the IdP to also
> act as an OIDC provider.

We're looking into that, but it doesn't (currently) work with the
RemoteUser authentication flow.

> You could also use any OAuth2/OIDC software and protect the Authorization
> Endpoint with a SAML (Shibboleth) SP and use your IdP for authentication.

Most of the ones that I've found have their own account / login mechanism.
I haven't found many solutions that want to get the user from REMOTE_USER.

UChicago has an overlay for MitreID that preceded the IDP+OIDC integration
https://github.com/uchicago-sg/shibboleth-mitreid-connect

SurfNet has a shib protected OAuth2 provider, but it doesn't do OIDC:
https://github.com/OAuth-Apis/apis

The AAF has something called "Rapid Connect", which provides JWTs to
applications
https://github.com/ausaccessfed/rapidconnect

Liam

On Thu, May 4, 2017 at 2:59 AM, David Huebner <david.huebner at daasi.de>
wrote:

> There is an OIDC extension for Shibboleth [1] that allows the IdP to also
> act as an OIDC provider.
> You could also use any OAuth2/OIDC software and protect the Authorization
> Endpoint with a SAML (Shibboleth) SP and use your IdP for authentication.
> Authorization Endpoint
>
> On 03.05.2017 21:24, Liam Hoekenga wrote:
>
> slightly off topic..
>
> We're getting an increasing number of requests for OAuth2 / OIDC.
> We want something that can be Shibboleth protected such that it stays in
> our current login ecosystem.
>
> What are other people doing?
>
> Liam
>
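
Added example, not part of the thread and not code from any project linked in it: an OAuth2 authorization endpoint in Python (WSGI-style environ) that takes the authenticated user from the REMOTE_USER variable set by a Shibboleth SP in front of it. The client registry, URLs and function names are hypothetical, and client authentication at the token endpoint is assumed to happen elsewhere.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Hypothetical client registry and in-memory code store (constructed sample data).
CLIENTS = {"demo-client": {"redirect_uris": {"https://app.example.edu/callback"}}}
CODES = {}      # code -> (user, client_id, redirect_uri, expiry)
CODE_TTL = 60   # seconds an authorization code stays valid

def authorize(environ, now=None):
    """Handle GET /authorize behind the SP; returns (status, headers, body)."""
    now = time.time() if now is None else now
    # Trust only the variable set by the web server / SP module.
    # HTTP_REMOTE_USER would be a client-supplied "Remote-User" header.
    user = environ.get("REMOTE_USER", "").strip()
    if not user:
        return "401 Unauthorized", [], "no SP session"
    q = {k: v[0] for k, v in parse_qs(environ.get("QUERY_STRING", "")).items()}
    client = CLIENTS.get(q.get("client_id", ""))
    redirect_uri = q.get("redirect_uri", "")
    # Unknown client or unregistered redirect_uri: answer locally, never redirect.
    if client is None or redirect_uri not in client["redirect_uris"]:
        return "400 Bad Request", [], "invalid client or redirect_uri"
    params = {}
    if q.get("response_type") != "code":
        params["error"] = "unsupported_response_type"
    else:
        code = secrets.token_urlsafe(32)
        # Bind the code to the SP-authenticated user, the client and the URI.
        CODES[code] = (user, q["client_id"], redirect_uri, now + CODE_TTL)
        params["code"] = code
    if "state" in q:
        params["state"] = q["state"]  # echoed back for the client's CSRF check
    location = redirect_uri + "?" + urlencode(params)
    return "302 Found", [("Location", location)], ""

def redeem(code, client_id, redirect_uri, now=None):
    """Token-endpoint side: returns the user for a valid code, else None."""
    now = time.time() if now is None else now
    entry = CODES.pop(code, None)  # pop makes the code single-use
    if entry is None:
        return None
    user, cid, uri, expiry = entry
    if cid != client_id or uri != redirect_uri or now > expiry:
        return None
    return user
```

The endpoint only works as intended when the SP enforces a session on the /authorize path and nothing can reach the application without passing through it.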