combine moonshot sp with shibboleth idp

Alejandro Perez-Mendez alex.perez-mendez at jisc.ac.uk
Wed Jun 10 19:16:00 UTC 2020


On 10/6/20 at 18:07, Alan Buxey wrote:
> ...even with an ECP flow?
>
> alan

If you mean making the RADIUS server grab the user credentials
(assuming PAP is being used) and then perform an ECP flow with the IDP
using those credentials to see if the authentication succeeds, I guess
that's possible, yes. I think there was some proof of concept
implementation made by Roland Herdberg using pysamlv2.

But TBH, I see little benefit of that approach versus just connecting
the RADIUS server directly to the LDAP server, which is a flawless and
well-proven implementation, assuming you're in control of it. Unless I'm
missing some aspect of it...

A whole different story is using ECP *instead* of Moonshot (e.g.
https://datatracker.ietf.org/doc/draft-cantor-ietf-kitten-saml-ec/), but
that wasn't the question :).

Cheers,
Alex

--
Alejandro Perez-Mendez
Technical Specialist (AAA), Trust & Identity
Skype alejandro_perez_mendez
jisc.ac.uk

