Can Shibboleth 3.4.x delegate authentication to another IDP (such as Azure B2C)
clibois.work at gmail.com
Thu Jul 16 15:37:59 UTC 2020
Thanks for your answer.
Using shibboleth as SP in front of the IDP is an interesting idea.
I have found that there is a possibility to use the ExternalAuthentication
but I would have to manually handle the whole SAML flow...
The SAML Proxy login flow is clearly the cleaner solution. However, our
planning is too short and risky to do a migration from 3.4.1 to 4.x. I will
check with our infrastructure however.
I will also check if by any chance this feature has been back-ported (or if
I can backport it).
Thank you very much for your tips.
On Thu, 16 Jul 2020 at 16:49, Peter Schober <peter.schober at univie.ac.at> wrote:
> * Claude Libois <clibois.work at gmail.com> [2020-07-16 16:35]:
> > However, our architect claims that since version 3.3.x it's possible
> > that Shibboleth transfers the authentication to an external IDP.
> Not sure what that refers to specifically but any Shibboleth IDP can
> be used in such a manner by protecting its SSO endpoints with a SAML
> SP (e.g. of the Shibboleth implementation) and hooking that SP up to
> the external IDP.
> To make that even easier IDPv4 mentions a "SAML proxy login flow"
> under "Noteworthy New Features" as part of its Release Notes:
> Since you'll have to upgrade your IDPv3 to v4 anyway before the end of
> the year (when support for IDPv3 will end) you might as well upgrade
> now and make use of that new feature.