SP registration APIs

Liam Hoekenga liamr at umich.edu
Wed Aug 1 11:30:25 EDT 2018


We're in the process of replacing our combination of the Shibboleth IDP and our
legacy SSO with strictly Shibboleth.

One concern raised by our campus is that our legacy SSO provided the
ability for SPs to self provision (as long as your host met certain
criteria, you could just point the SP at Cosign and it would work).

I would really rather not loosen the restrictions on the
UnverifiedRelyingParty and run an open IDP.

What we've been asked for are APIs that would allow end systems (like
container orchestrators) to programmatically provision SPs on the fly.

It seems like some of this might be doable using the metadata managed
configuration... but there's still the issue of getting the metadata onto
the IDP.

Has anyone implemented something similar?

Liam