Two of our higher-ed clients use Shibboleth for SSO. I have zero experience with Shib, and do not have an instance to test with.
Ultimately we would like to integrate a Shib SSO with these clients in our Windows Azure (MVC) web role. So my questions are:
- Is this possible?
- If so, how? Do any settings need to be made on Shib, and what are they?
I spoke with Vittorio Bertocci last year at MIX 11 about this. He told me there is a checkbox called "WS-Federation" that can be enabled in Shib, which would enable compatibility. I've learned from our clients that WS-Fed is supported on the Service Provider but not the Identity Provider.
I will be more than happy to supplement this question with more details in response to comments.
If Azure supports SAML 2.0, then it will, more or less, interoperate with Shibboleth. If it only supports WS-Federation, then it won't for your purposes.
On the Azure side, you would use WIF, which has extensions to implement the SAML 2.0 protocol (apparently still in CTP). You would not use ACS in between in this case. Warning: there are some gotchas while using WIF with ASP.NET MVC.
:-) Benjamin