ForceAuthn and RemoteUser handler
Peter Schober
peter.schober at univie.ac.at
Tue Oct 31 09:44:44 EDT 2017
* Matthew Slowe <M.Slowe at kent.ac.uk> [2017-10-31 12:54]:
> On Tue, Oct 31, 2017 at 12:32:28PM +0100, Peter Schober wrote:
> > What's SSP missing that prevents it from not being usable as an IDP
> > with that SP? From the posts on the SSP mailing lists I have the
> > impression many are in fact using SSP with that service successfully.
>
> The ECP authnz flow is the only reason we didn't really consider its
> use in this situation - allowing non-web clients to "proxy" their
> authentications via Microsoft over a SOAP request. I understand that
> this is in development (hoped for 1.16?) so we will be
> looking at this carefully when it arrives :-)
OK. I guess that means all the deployers asking about that SP on the
SSP list are not using this profile.
> > Also I think the Shibboleth IDP can very likely do everything SSP
> > can (and more, of course), so going with either of those two alone
> > would still be preferrable to having to run both.
>
> In-house our preferred platform is Apache (or nginx) and PHP rather
> than Java. We have also found the configuration and management a lot
> easier with SSP.
Sure, but with running both you now have to care about the union of
both systems' comlexities, so which one is easier is kind of moot. ;)
-peter
More information about the users
mailing list