Can a Shibboleth service provider present itself as a SAML identity provider for federation?

Graham Leggett minfrin at
Wed Apr 24 10:56:01 EDT 2019

On 24 Apr 2019, at 16:44, Peter Schober <peter.schober at> wrote:

> That's fine and from what I heard pac4j-saml seemed quite capable.
> That it doesn't support more than one IDP sucks (though that isn't all
> that uncommon) and that's why you should replace it, if that's doable.
> Doing that (instead of adding a proxy) should provide better security
> and more protocol fidelity.

We definitely in a position to replace it - the question is what to replace it with.

Can Shibboleth pass metadata to an application behind Shibboleth using something like JWT?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3260 bytes
Desc: not available
URL: <>

More information about the users mailing list