ForceAuthn and RemoteUser handler
Matthew Slowe
M.Slowe at kent.ac.uk
Tue Oct 31 07:53:49 EDT 2017
On Tue, Oct 31, 2017 at 12:32:28PM +0100, Peter Schober wrote:
> * Matthew Slowe <M.Slowe at kent.ac.uk> [2017-10-30 21:09]:
> > We did... we chose SimpleSAMLphp as our central SSO but have had to
> > hang Shibboleth off to the side to cope with Office365... this
> > seemed like the most elegant solution to keeping it seamless until
> > recently.
>
> What's SSP missing that prevents it from not being usable as an IDP
> with that SP? From the posts on the SSP mailing lists I have the
> impression many are in fact using SSP with that service successfully.
The ECP authnz flow is the only reason we didn't really consider its
use in this situation - allowing non-web clients to "proxy" their
authentications via Microsoft over a SOAP request. I understand that
this is in development (hoped for 1.16?) so we will be
looking at this carefully when it arrives :-)
> Also I think the Shibboleth IDP can very likely do everything SSP
> can (and more, of course), so going with either of those two alone
> would still be preferrable to having to run both.
In-house our preferred platform is Apache (or nginx) and PHP rather than
Java. We have also found the configuration and management a lot easier
with SSP.
--
Matthew Slowe | Server Infrastructure Officer
IT Infrastructure, Information Services, University of Kent
Room S21, Cornwallis South
Canterbury, Kent, CT2 7NZ, UK
Tel: +44 (0)1227 824265
www.kent.ac.uk/is | @UnikentUnseenIT | @UKCLibraryIt
PGP: https://keybase.io/fooflington
More information about the users
mailing list