Shibboleth Developers

[Bart Kerver <>]

> I'd love for the A-Select guys to set me straight on this, but  my
> interpretation of the descriptions I've seen so far is that this
> functionality is implemented by caching passwords at the IdP, sending
> passwords as attributes to the SP, and then delivering the passwords to
> the OWA login dll.  Is that right?  I imagine that many users will not
> see regard this as a general purpose solution.

Your analysis is more or less correct.

I agree that it _could_ be done a lot nice if MS would give us (the
right) information. In that case we could create a structural solution
by having A-Select works as an AuthN-plugin for the MS ISA Server that
in it's place connects towards Sharepoint/OWA. This information however
seems miles away (if it ever comes) and the A-Select users _require_ a
working solution that they _now_ can use. So instead of waiting we want
working and the users want it now! ;))

A structural solution could in future also be achieved as soon as MS
implements their WS* into SP/OWA and/or in ISA. Eitherway we can
interface with them.

But meanwhile this is what we worked out.

The Integration Component is relatively safe since the "IdP's" are also
Attribute Authority and in the A-Select environment commonly also
Authentication Authority that uses a secured transport of attributes in
a back-channel. This puts the trust into one hand anyway.

Kind regards,
Bart