OpenAM, ADFS and Shibboleth

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenAM, ADFS and Shibboleth

Apache Idm

Team

I am trying to solve below scenario. Can you please let me know if its possible.

I have below systems with acting.

1. Shibboleth acting as service provider
2. OpenAM acting as IDP for Shibboleth
3. OpenAM IDP authentication should be against ADFS

Thanks
Vipin


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: OpenAM, ADFS and Shibboleth

Rogério Augusto Rondini
So... In this way I believe OpenAM should be the SP to ADFS IDP.
But it seems a stranger scenario...  Did you mean ADFS or just AD ? 

Abs

2016-10-25 15:33 GMT-02:00 Apache Idm <[hidden email]>:

Team

I am trying to solve below scenario. Can you please let me know if its possible.

I have below systems with acting.

1. Shibboleth acting as service provider
2. OpenAM acting as IDP for Shibboleth
3. OpenAM IDP authentication should be against ADFS

Thanks
Vipin


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam



_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: OpenAM, ADFS and Shibboleth

Bert Van Beeck
or,

Shibboleth is the SP
OpenAM acts as an IDP Proxy for the identities in scope, proxying to ADFS
ADFS acts as the IDP for the identities in scope


Op 25 okt. 2016, om 19:49 heeft Rogério Augusto Rondini <[hidden email]> het volgende geschreven:

So... In this way I believe OpenAM should be the SP to ADFS IDP.
But it seems a stranger scenario...  Did you mean ADFS or just AD ? 

Abs

2016-10-25 15:33 GMT-02:00 Apache Idm <[hidden email]>:

Team

I am trying to solve below scenario. Can you please let me know if its possible.

I have below systems with acting.

1. Shibboleth acting as service provider
2. OpenAM acting as IDP for Shibboleth
3. OpenAM IDP authentication should be against ADFS

Thanks
Vipin


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: OpenAM, ADFS and Shibboleth

Bernhard Thalmayr
In reply to this post by Apache Idm
Am 25/10/16 um 19:33 schrieb Apache Idm:

> Team
>
> I am trying to solve below scenario. Can you please let me know if its
> possible.
>
> I have below systems with acting.
>
> 1. Shibboleth acting as service provider
> 2. OpenAM acting as IDP for Shibboleth
> 3. OpenAM IDP authentication should be against ADFS

What should this technically mean? Authentication itself is not covered
by the SAML spec. Which authentication mechanism is provided by ADFS?

If we speak about SAML then Bert's approach is more likely. OpenAM
acting as IdP proxy as well as IdP.

-Bernhard

>
> Thanks
> Vipin
>
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam