Can a Shibboleth service provider present itself as a SAML identity provider for federation?

Graham Leggett minfrin at
Wed Apr 24 10:18:27 EDT 2019

On 24 Apr 2019, at 13:44, Peter Schober <peter.schober at> wrote:

> If you insist on using an incapable SAML implementation (pac4j-saml
> should support multiple IDPs then none of this would be necessary)
> then I'd suggest other tools specifically created for SAML proxying,
> e.g. SaToSa ( )

For the record, we have an existing turnkey application that uses Apache Shiro, and in turn pac4j-saml to talk to one IDP (and one IDP only). The use of pac4j-saml is simply our starting point, we are in no way “insisting” that it be used, and are just asking what bits we need to swap out to make this work.

Our requirement is to add the option of supporting a second IDP. Is Shibboleth able to do this?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3260 bytes
Desc: not available
URL: <>

More information about the users mailing list