[External] Re: Can a Shibboleth service provider present itself as a SAML identity provider for federation?

Graham Leggett minfrin at sharp.fm
Wed Apr 24 10:48:53 EDT 2019

On 24 Apr 2019, at 16:21, Domingues, Michael D <michael-domingues at uiowa.edu> wrote:

> Based on what you've described, it sounds like you're interested in the Shibboleth SP. Using metadata (either statically loaded, or consumed dynamically if it's signed by a trusted key), you can support logins from any number of IDPs. An overview of the SP's configuration can be found here: https://wiki.shibboleth.net/confluence/display/SP3/Configuration

This is indeed the avenue we’ve gone down, but we’re struggling on how to get Shibboleth and an existing Java application to talk to one another.

Protecting an Apache httpd-based resource is straightforward and easy to understand; however, the Java application behind needs full access to all the SSO metadata in order to know what groups and attributes the end user has. It’s not as simple as passing the REMOTE_USER.

