Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] ADFS/LDAP Integration with grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] ADFS/LDAP Integration with grouper


Chronological Thread 
  • From: Robert Bradley <>
  • To:
  • Subject: Re: [grouper-users] ADFS/LDAP Integration with grouper
  • Date: Thu, 20 Oct 2016 18:03:45 +0100
  • Ironport-phdr: 9a23:PPdZChz//uBE7X3XCy+O+j09IxM/srCxBDY+r6Qd0u0RIJqq85mqBkHD//Il1AaPBtqLra8fwLOL+4nbGkU+or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6a8TWO6msdABLiLQdvY/nuF5TJp8Wxy+2o/ZDPOUNFiCfuT6l1KUCMqg/crNVeq5FrJqI821OduHxCdv5Kg2lyLF6XkgfU59v2+44l+i8WpvF3pJ0IarnzY6ltFe8QNz8hKW1gvMA=

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 20/10/16 17:25, Katika,Shanthi Swaroop wrote:
> Hi,
>
> I have recently integrated Shibboleth for authentication
> successfully. I’m looking to integrate LDAP/ADFS as an alternative
> authentication system as some of the users are on Shibboleth while
> rest of the users are on LDAP/ADFS. Has anyone integrated
> LDAP/ADFS with grouper, or integrated multiple ways to authenticate
> to grouper?
>

I've never tried it, but the obvious option to me would be to add the
ADFS server's metadata to your Shibboleth SP, then then add the SP as
a SAML2 relying party in ADFS. You could then set up Shibboleth
Embedded Discovery Service software on the SP to select either the
ADFS or Shibboleth IdP for logging in. As long as the REMOTE_USER
variable can be mapped to a Grouper subject ID or subject identifier,
you should be fine.

The configuration for that should not be particularly Grouper
specific, so your best bet would be to look at the Shibboleth wiki
along with
https://technet.microsoft.com/en-us/library/gg317734%28v=ws.10%29.aspx
for the ADFS side. The shibboleth-users mailing list may well be
useful too.

- --
Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYCPjxAAoJEJRhp8p2r+O+8JsP/3+9Nug6MZNc9rQhr++Caf4P
yYv/V6G9j6K2SM/Leq8Yr3FFIePGHuzcre3kkBi9dkMO524hk7ixk2VlXykLi5dP
4fZ+ZSrDVcR6gnxGVxSM16lSb67PLMMuQ+WaBZvsKKxGZgHn7lVf1SD2A/0Om11j
4dNRJkh5MOn9OKyI9i9Ix+YsTj8tK5Y+U6SRYkQ+ot7F7OqcOy4az13d9LABnk03
8UVWIsPuJlxHdjN+0qjyhaFCuik9iVeYedoWhRNxt7IJavp2vCE0ljt/TPCmNva8
5VxNCyjQYYSpnyH9LyhRv2DHaKI65EtUF8E7VSezosWTp9y+nxOZ82mmBTli/TC5
bOf4i9xp1kHLHvCl//c1WevTOg4mNiy6T3gDQjHZrR0Vu1p8hi0FFTvV1kdn3qK6
ragwgSJE74TGkAnRh/sIyBe4EHgOsw1LqgXkXre2g8Wc1eeoc4pahc/ZLJI3W/Ux
8Gg/PDw498h0jZXSEWOPLCUuyhQVybdhsPR1VSWrJsqdK2x53TmbosSIR6TYBUAs
8z1rAdzZ3eY/71edvj4ubjL7UZvdqMB5q4e0zicNxlI5/mDVvpjytEsxYeOkeZ/A
QMPHMqbtyBe94hiR7Zv48nEr23wtxP4I/0q4t/G0tBP4KbJE/1yJhW5BmPWyCWgg
j32frFa32wRIYTXC+jAF
=+leF
-----END PGP SIGNATURE-----



Archive powered by MHonArc 2.6.19.

Top of Page