
technical-discuss - Re: [InC-Technical] RE: ADFS InCommon Federated Services Help

Subject: InCommon Technical Discussions

  • From: Nick Roy <>
  • To: "Matthew X. Economou" <>, Eric C Kool-Brown <>, "" <>, "" <>
  • Subject: Re: [InC-Technical] RE: ADFS InCommon Federated Services Help
  • Date: Mon, 12 Feb 2018 21:11:26 +0000

On 2/8/18 7:10 PM, Matthew X. Economou wrote:
> Eric C. Kool-Brown writes:
>
>> I think I left off one bit of perhaps relevant info regarding the
>> second use case of ADFS as the IdP. The ADFS metadata (as a service
>> provider) would need to be added to the InCommon aggregate in order to
>> be trusted by the other InCommon IdPs. I suppose that ADFS could also
>> have IdP metadata added so it could be a full federation partner as
>> well. Does anyone on the list know of a federation member that has done
>> either of these things?
> I've run AD FS both as an InCommon IdP and an InCommon SP, with both as
> full federation partners. While we solved the metadata consumption,
> attribute scope checking, and discovery UX issues, we encountered lots of
> little issues that required disabling request/assertion encryption or
> switching between SHA-1/SHA-256 on individual CP/RP trusts. Ultimately, we
> replaced the IdPs with Shibboleth and moved the SPs behind SATOSA. This
> works a LOT better, which is why I'm willing to use some of my Copious Free
> Time to help Mr. Adao deploy Shibboleth.

Community helping community, always awesome. Let me and/or Paul Caskey
know if you need anyone to help out. Paul is "Mr. Shib Training".

Thank you for doing this, Matthew.

Also, I hear you are interested in TLS on the MDQ beta server. Hit me
up on the ops advisory list and I can let you know current status and we
can chat with Ian.

Best,

Nick

>
> Best wishes,
> Matthew
>



