shibboleth-dev - RE: [Shib-Dev] Passing delegated credentials

  • From: "Josh Howlett" <>
  • To: <>
  • Cc: "Josh Howlett" <>
  • Subject: RE: [Shib-Dev] Passing delegated credentials
  • Date: Tue, 6 Apr 2010 15:35:03 +0100

> We're looking into extending Shibboleth to provide the
> ability to pass delegated credentials from the IdP to an SP.
>
> Specifically, we would like to be able to pass WS-Security
> assertions or Kerberos 5 tickets, so that the SP can then use
> those credentials to authenticate to another service.

Does this help?

http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-attribute-kerberos-cd-01.pdf

If you need something that acts more like a web service, I am also in
the process of profiling this with the WS SAML Token Profile (so that
the SAML Token in the context is a SAML assertion containing an
attribute statement encapsulating a Kerberos service ticket).

I would be very happy to discuss your use-case offline, as I'm keen to
ensure that this work corresponds to requirements.

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG



