integrating Shibb IdP with bswift.com benefits administration
Les LaCroix
llacroix at carleton.edu
Fri Jul 19 11:35:45 EDT 2019
Good morning,
Our HR department is interested in switching from their current benefits
administration system to bswift.com. SSO is an important factor because of
Duo support. Based on the documentation they gave me about SAML 2.0
integration, it doesn't look like they do SAML well. IT would like to give
HR a thumbs-up about SSO support, but if it's likely to require heroic
efforts we want HR to know that up-front.
1) Has anyone on the list configured Shibboleth IdP with the bswift SP?
How easy/difficult was it compared to other vendor integrations? Were they
competent partners in the setup?
2) Their examples all show saml:Attribute stanzas with a NameFormat
of "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", not "...:uri".
(Correspondingly, the Names of the attributes are more like friendly names
and not URIs.) I am seeing examples of the "basic" name format in the
Shibboleth SP docs but not the IdP docs. All of the references to that
format at oasis-open.org are really old. If the vendor requires the IdP to
use that name format, is that easily configurable in Shibboleth IdP? Will
it continue to be supported in future versions of Shibboleth IdP?
We will be running IdP 3.4.4, or at least 3.4.3, by the time I would need
to configure it for this vendor.
Thanks! -Les
------------------------------
Les LaCroix '79 | Strategic Technologist
Carleton College | 1 N. College St. | MS 3-ITS | Northfield, MN 55057
507.222.5455 | free/busy
<https://calendar.google.com/calendar/embed?src=llacroix%40carleton.edu&ctz=America/Chicago>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190719/46b95d13/attachment.html>
More information about the users
mailing list