1

Two of our higher-ed clients use Shibboleth for SSO. I have zero experience with Shib, and do not have an instance to test with.

Ultimately we would like to integrate a Shib SSO with these clients in our Windows Azure (MVC) web role. So my questions are:

  1. Is this possible?
  2. If so, how? Do any settings need to be made on Shib, and what are they?

I spoke with Vittorio Bertocci last year at MIX 11 about this. He told me there is a checkbox called "WS-Federation" that can be enabled in Shib, which would enable compatibility. I've learned from our clients that WS-Fed is supported on the Service Provider but not the Identity Provider.

I will be more than happy to supplement this question with more details in response to comments.

danludwig

2 Answers

3

On the Azure side, you would use WIF, which has extensions to implement the SAML 2.0 protocol (apparently still in CTP). You would not use ACS in between in this case. Warning: there are some gotchas while using WIF with ASP.NET MVC.

:-) Benjamin

benjguin
  • Funny I actually subscribe to the Claims-Based Identity blog. Sure enough, this CTP post was in my rss feeds archive. They haven't posted anything else since July... any idea if they changed their blog to a different RSS url? Trying to find out how much longer this will be in CTP... – danludwig Jan 05 '12 at 17:05
0

If Azure supports SAML 2.0, then it will, more or less, interoperate with Shibboleth. If it only supports WS-Federation, then it won't for your purposes.