integrating Shibb IdP with benefits administration

Les LaCroix llacroix at
Fri Jul 19 11:35:45 EDT 2019

Good morning,

Our HR department is interested in switching from their current benefits
administration system to  SSO is an important factor because of
Duo support.  Based on the documentation they gave me about SAML 2.0
integration, it doesn't look like they do SAML well.  IT would like to give
HR a thumbs-up about SSO support, but if it's likely to require heroic
efforts we want HR to know that up-front.

1) Has anyone on the list configured Shibboleth IdP with the bswift SP?
How easy/difficult was it compared to other vendor integrations?  Were they
competent partners in the setup?

2) Their examples all show saml:Attribute stanzas with a NameFormat
of "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", not "...:uri".
(Correspondingly, the Names of the attributes are more like friendly names
and not URIs.)  I am seeing examples of the "basic" name format in the
Shibboleth SP docs but not the IdP docs.  All of the references to that
format at are really old.  If the vendor requires the IdP to
use that name format, is that easily configurable in Shibboleth IdP?  Will
it continue to be supported in future versions of Shibboleth IdP?

We will be running IdP 3.4.4, or at least 3.4.3, by the time I would need
to configure it for this vendor.

Thanks! -Les

Les LaCroix '79 | Strategic Technologist
Carleton College | 1 N. College St. | MS 3-ITS | Northfield, MN 55057
507.222.5455 | free/busy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list