Shibboleth IDP delegates to another IDP

Thomas Colin de Verdière tdeverdiere at
Mon Apr 29 10:24:20 EDT 2019


Is this a possible feature of shibboleth to delegates authentification to
another idp.

The case is :
- We have an instance of Shibboleth IDP connected to an Open LDAP. We have
the control over Shibboleth and Open LDAP.
- We have 2 applications that we have control on. These 2 applications are
the Service Providers, and both are configured to authenticate through the
instance of Shibboleth IDP. So when a user logs into one the 2
applications, he is authenticated on the other.
- Now a customer has an IDP (a custom one, another Shibboleth, Google,
Microsoft). Could we let Shibboleth delegates the authentication to the IDP
of the customer. We had off course to configure Shibboleth to add the IDP
of the customer. This will avoid to change the 2 service providers
For example, i can see a Login form + a Login with Google on :

If i need advice for that, how could i do ?

Thomas de Verdière
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list