ForceAuthn and RemoteUser handler

Matthew Slowe M.Slowe at
Tue Oct 31 07:53:49 EDT 2017

On Tue, Oct 31, 2017 at 12:32:28PM +0100, Peter Schober wrote:
> * Matthew Slowe <M.Slowe at> [2017-10-30 21:09]:
> > We did... we chose SimpleSAMLphp as our central SSO but have had to
> > hang Shibboleth off to the side to cope with Office365... this
> > seemed like the most elegant solution to keeping it seamless until
> > recently.
> What's SSP missing that prevents it from not being usable as an IDP
> with that SP? From the posts on the SSP mailing lists I have the
> impression many are in fact using SSP with that service successfully.

The ECP authnz flow is the only reason we didn't really consider its
use in this situation - allowing non-web clients to "proxy" their
authentications via Microsoft over a SOAP request.  I understand that
this is in development (hoped for 1.16?) so we will be
looking at this carefully when it arrives :-)

> Also I think the Shibboleth IDP can very likely do everything SSP
> can (and more, of course), so going with either of those two alone
> would still be preferrable to having to run both.

In-house our preferred platform is Apache (or nginx) and PHP rather than
Java. We have also found the configuration and management a lot easier
with SSP.

Matthew Slowe | Server Infrastructure Officer
IT Infrastructure, Information Services, University of Kent
Room S21, Cornwallis South
Canterbury, Kent, CT2 7NZ, UK
Tel: +44 (0)1227 824265 | @UnikentUnseenIT | @UKCLibraryIt

More information about the users mailing list