ForceAuthn and RemoteUser handler

Peter Schober peter.schober at
Tue Oct 31 09:44:44 EDT 2017

* Matthew Slowe <M.Slowe at> [2017-10-31 12:54]:
> On Tue, Oct 31, 2017 at 12:32:28PM +0100, Peter Schober wrote:
> > What's SSP missing that prevents it from not being usable as an IDP
> > with that SP? From the posts on the SSP mailing lists I have the
> > impression many are in fact using SSP with that service successfully.
> The ECP authnz flow is the only reason we didn't really consider its
> use in this situation - allowing non-web clients to "proxy" their
> authentications via Microsoft over a SOAP request.  I understand that
> this is in development (hoped for 1.16?) so we will be
> looking at this carefully when it arrives :-)

OK. I guess that means all the deployers asking about that SP on the
SSP list are not using this profile.

> > Also I think the Shibboleth IDP can very likely do everything SSP
> > can (and more, of course), so going with either of those two alone
> > would still be preferrable to having to run both.
> In-house our preferred platform is Apache (or nginx) and PHP rather
> than Java. We have also found the configuration and management a lot
> easier with SSP.

Sure, but with running both you now have to care about the union of
both systems' comlexities, so which one is easier is kind of moot. ;)


More information about the users mailing list