Dominic Watts

My comments on technology and business

Shibboleth and ADFS Interoperability – this is now a reality!

Shibboleth and ADFS Interoperability – this is now a reality!

  • Comments 2

Last week, the efforts of Microsoft, the JISC, London School of Economics, Neath Port Talbot and Oxford Computer Group delivered proof of the interoperability between Shibboleth and Microsoft's ADFS. Of course, this has been theorietically possible for nearly a year now but it doesn't seem that anyone has actually proved it. So, I'm really pleased to see that this breakthrough occurred through the collaboration of these different organisations in the UK to demonstrate the potential that ADFS can offer to those many customers in education wishing to have interoperability with Shibboleth.

During the Proof of Concept we were able to demonstrate the following:

  1. An ADFS FS-A talking to a Shibboleth SP
  2. A Shibboleth IdP talking to an ADFS FS-R
  3. The ability to send a "privacy-enhanced" UPN (hash@adatum.com) into the TargetedID attribute.
  4. The ability to manipulate other attributes/claims as we need to – although we haven't necessarily gone as far with this as we could

 

All members of the testing team have copies of virtual PCs with the images and may well develop the interoperability further.

 

Over the next few weeks, we will be writing this up and then, I hope, making generally available to all. One thing I'm interested to do is a UK road show at a number of education institutions to present and demonstrate this solution and will look for interest in the education community.

Thank you to all involved, at last we can begin to turn theory into practice.

  • Glad to see this use fo the Shibboleth ADFS Integration : An extension allowing a Shibboleth 1.3 IdP

  • Following the work on Active Directory integration with Shibboleth reported here I am now able to point

Page 1 of 1 (2 items)
Leave a Comment
  • Please add 1 and 4 and type the answer here:
  • Post