shibboleth-dev - RE: [Shib-Dev] Passing delegated credentials
Subject: Shibboleth Developers
List archive
- From: "Josh Howlett" <>
- To: <>
- Cc: "Josh Howlett" <>
- Subject: RE: [Shib-Dev] Passing delegated credentials
- Date: Tue, 6 Apr 2010 15:35:03 +0100
> We're looking into extending Shibboleth to provide the
> ability to pass delegated credentials from the IdP to an SP.
>
> Specifically, we would like to be able to pass WS-Security
> assertions or Kerberos 5 tickets, so that the SP can then use
> those credentials to authenticte to another service.
Does this help?
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-attribute-ker
beros-cd-01.pdf
If you need something that acts more like a web service, I am also in
the process of profiling this with the WS SAML Token Profile (so that
the SAML Token in the context is a SAML assertion containing an
attribute statement encapsulating a Kerberos service ticket).
I would be very happy to discuss your use-case offline, as I'm keen to
ensure that this work corresponds to requirements.
josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
- Passing delegated credentials, Jeffrey T Eaton, 04/06/2010
- Re: [Shib-Dev] Passing delegated credentials, Peter Schober, 04/06/2010
- RE: [Shib-Dev] Passing delegated credentials, Josh Howlett, 04/06/2010
- RE: [Shib-Dev] Passing delegated credentials, Scott Cantor, 04/06/2010
Archive powered by MHonArc 2.6.16.