shib protected oauth providers?

Vipin Jain vjain at simeiosolutions.com
Thu May 4 09:49:38 EDT 2017


Why don’t you look at gluu.org, which is based on Shibboleth IDP and also
has OIDC features?





*Thanks*

*Vipin*

*From:* users [mailto:users-bounces at shibboleth.net] *On Behalf Of* Liam Hoekenga
*Sent:* Thursday, May 04, 2017 7:18 PM
*To:* Shib Users <users at shibboleth.net>
*Subject:* Re: shib protected oauth providers?



> There is an OIDC extension for Shibboleth [1] that allows the IdP to also
> act as an OIDC provider.



We're looking into that, but it doesn't (currently) work with the
RemoteUser authentication flow.



> You could also use any OAuth2/OIDC software and protect the Authorization
> Endpoint with a SAML (Shibboleth) SP and use your IdP for authentication.



Most of the ones that I've found have their own account / login mechanism.
I haven't found many solutions that want to get the user from REMOTE_USER.



UChicago has an overlay for MitreID that preceded the IDP+OIDC integration

https://github.com/uchicago-sg/shibboleth-mitreid-connect



SurfNet has a shib protected OAuth2 provider, but it doesn't do OIDC:

https://github.com/OAuth-Apis/apis



The AAF has something called "Rapid Connect", which provides JWTs to
applications

https://github.com/ausaccessfed/rapidconnect



Liam



On Thu, May 4, 2017 at 2:59 AM, David Huebner <david.huebner at daasi.de>
wrote:

There is an OIDC extension for Shibboleth [1] that allows the IdP to also
act as an OIDC provider.
You could also use any OAuth2/OIDC software and protect the Authorization
Endpoint with a SAML (Shibboleth) SP and use your IdP for authentication.




On 03.05.2017 21:24, Liam Hoekenga wrote:

slightly off topic..



We're getting an increasing number of requests for OAuth2 / OIDC.

We want something that can be Shibboleth protected such that it stays in
our current login ecosystem.



What are other people doing?



Liam





