Page tree
Skip to end of metadata
Go to start of metadata

Shibboleth is designed to be maximally interoperable with other SAML implementations and SAML-supporting applications. However, standards never address every detail that goes into a successful deployment and implementations often focus on different features or provide for limited flexibility in areas that their implementers find to be unimportant or uninteresting. And then there's the reality that a lot of stuff is just plain broken.

Where information is known or made available about issues or configuration changes needed with other software products, people are encouraged to collect it here. We encourage (in fact we need) deployers of non-Shibboleth software to assist in this process.

But please don't dump a lot of examples of Shibboleth software configuration into these guides. That's not the goal, and you think you're helping but in reality you're just showing your local practices that might or might not have any connection to the "right" way to configure the software.

What these articles are meant for is documenting the foibles and limitations of other products and services because they're so poorly documented themselves. Explain what the software needs in SAML terms. Let the existing documentation cover how to provide those things.

Bear in mind that these are provided as-is in most cases with no curation by the project and there will often be confusing or contradictory material that is hard to reconcile with the official documentation.

Where possible, we encourage the use of a common template for documenting integrations, and you can create a new page from it with this button:Add an Integration Guide

  • No labels

3 Comments

  1. Adobe SSO

    Adobe provides the following page where they document how to configure the Adobe Admin Console and a ShibbolethIdP for use with Adobe SSO:

    1. It's semi-accurate apart from plenty of bad advice on the IdP and doesn't really explain how their system really works, like most vendor documentation. All vendor documentation should be considered highly suspect.

      1. Is there anything about that Adobe "Creative Cloud" Okta SAML thing to be provided here on its own child page, at least a "diff" to their own documentation? E.g. what steps to skip (relying party override for NameID selection), whether their claimed requirement for emailAddress-format NameIDs seems is really necessary given that they also require the email address to be sent as an attribute (with made-up attribute names and "unspecified" NameFormat, of course), instead the provided instructions to add Yet Another AttributeDefinition for name and email such a page could also document merely adding Okta/Adobe-specific AttributeEncoder elements to existing AttributeDefinition elements (even if that info already exists elsewhere in this wiki), etc.

        I don't have access to any Adobe systems or services so don't know and cannot even fuzz out the specifics on their end but I'd help provide improved configuration steps, if having such a page is warranted.