You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently ADFS and Okta are supported. In Higher Education the Shibboleth IdP is a very popular SAML2 IdP.
A "vanilla" deployment of shib uses a basic form-based credential, and would probably work with very little in the way of code changes. The Shib IdP can also be configured to delegate actual authentication to a separate system. At my institution, we delegate authentication to Apereo CAS. We use the shibcas authenticator by Unicon.
This means that the awsprocesscreds helper would need to be able to follow the initial request from the Shib IdP, to the CAS authentication service, and back to the Shib IdP to intercept the SAML2 response. I have some experience with this, and I could submit a PR if you are interested.
I also submitted a separate issue because we protect our CAS authentication with Duo Security MFA. This makes the authentication flow have an additional step. The 2 issues are separate, but they are related in a way, as they both require some mechanism where the basic authentication flow has expanded steps.
The text was updated successfully, but these errors were encountered:
Currently ADFS and Okta are supported. In Higher Education the Shibboleth IdP is a very popular SAML2 IdP.
A "vanilla" deployment of shib uses a basic form-based credential, and would probably work with very little in the way of code changes. The Shib IdP can also be configured to delegate actual authentication to a separate system. At my institution, we delegate authentication to Apereo CAS. We use the shibcas authenticator by Unicon.
This means that the
awsprocesscredshelper would need to be able to follow the initial request from the Shib IdP, to the CAS authentication service, and back to the Shib IdP to intercept the SAML2 response. I have some experience with this, and I could submit a PR if you are interested.I also submitted a separate issue because we protect our CAS authentication with Duo Security MFA. This makes the authentication flow have an additional step. The 2 issues are separate, but they are related in a way, as they both require some mechanism where the basic authentication flow has expanded steps.
The text was updated successfully, but these errors were encountered: