Can a Shibboleth service provider present itself as a SAML identity provider for federation?
Graham Leggett
minfrin at sharp.fm
Wed Apr 24 07:31:58 EDT 2019
Hi all,
I am currently struggling with a conceptual problem on how a federated Shibboleth integrates with an application that expects a SAML2 IDP.
My application embeds pac4j-saml, and integrates with a single IDP, and this works great.
I want to support multiple IDPs in a federation, and am struggling on how to configure this using Shibboleth.
The pac4j-saml applications expects to be given a metadata containing an IDPSSODescriptor tag. Shibboleth service provider metadata is presenting a SPSSODescriptor tag, and the two don’t chat.
Conceptually, what am I doing wrong?
Can Shibboleth present itself as a federated SAML2 IDP? The documentation seems to suggest it can, but then stops short of telling me how.
Can anyone fill me in?
Regards,
Graham
—
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3260 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20190424/b9d198c5/attachment.p7s>
More information about the users
mailing list