Windows IIS Service Providers

Shibboleth SP

Tested working with flexmls IdP

The flexmls IdP uses Shibboleth software, and SAML generally works better when the SP and IdP come from the same vendor. We have the most experience with Shibboleth and can provide help if you decide on this method. The only downside to Shibboleth is that it’s more difficult to cluster across multiple machines unless “sticky” sessions are used in load balancing (so that a given user always stays on the same web server). To avoid sticky sessions, read this document for information on clustering the shibd session manager.

  • For a working example with memcache, a remote shibd, and multiple virtual hosts, check out my example shibboleth2.xml. (Note that this is for Linux, but the IIS install will be similar.)
  • To enable SAML attributes (extra information about the user), replace the attribute-map.xml configuration file with this example. This file is set up to map all of the flexmls attributes, if they are available for each user.

Ping Identity’s PingFederate

Does not work with flexmls IdP!

This is a widely used commercial solution for SAML SSO on Windows. The PingFederate integration kit will not work with the flexmls IdP. While the PingFederate server is advertised as being SAML 2.0 compliant, the Service Provider integration kits are proprietary and will only work with Ping Identity’s server.

More information here
