Hi
I've been involved in three such deployments albeit not for UK
institutions. We used FEMMA to do this, It's a bit 'clunky' but works
with these caveats
* It does not work with SAML1 Service Providers (some publishers still
support SAML1 only!)
* It does not work with Service Providers with non-https URLs (all
publishers use https so not really an issue)
* It's take 80 minutes to refresh metadata if your metadata includes
eduGAIN entities (the default in the UK AMF). I'd recommend not
using the internal Windows database as the ADFS store.
* It doesn't work with Raptor if you have used that for Shibb stats
On the upside, it allows an institution who needs ADFS (e.g. who have no
Unix people on their teams or have services that can only work with
AFS), to have a single system for Single-Sign-On.
There was another option which we do not test; protecting ADFS with
Shibboleth, this gives you the best of ADFS and best of Shibboleth combined.
Kind Regards
Glenn Wearen
On 19/10/2016 10:59, Richard Taylor wrote:
> Hello
>
> Is there any institution out there who has successfully deployed - or
> considered & rejected - a souped up configuration of Microsoft ADFS that
> provides Shibboleth / SAML2 functionality?
>
> I'd be very interested if anyone could share their opinion of well such an
> arrangement would work, specifically from a Library perspective.
>
> For example, how easy would it be to set up authentication with database
> publishers and maintain things like granular access rules for e-resource
> licences?
>
> Thanks
> Richard
>
>
> *Richard Taylor*
>
> *Deputy Director of Library Services (Digital & Research)Bath Spa
> University*
> T: +44 (0)1225 875476
> Visit www.bathspa.ac.uk
>
> Join us on: Facebook <http://www.facebook.com/bath.spa.university> | Twitter
> <https://twitter.com/#!/BathSpaUni> | YouTube
> <http://www.youtube.com/BathSpaUniversity> | LinkedIn
> <http://www.linkedin.com/company/bath-spa-university>
> Newton Park Library, Newton St Loe, Bath, BA2 9BN
>
> *Think before you print*
>
>
>
> *Disclaimer*
>
> If you have received this message in error, please notify us and remove it
> from your system. Any views or opinions expressed in personal emails are
> solely those of the author and do not necessarily represent those of Bath
> Spa University. Neither Bath Spa University nor the sender accepts any
> responsibility for viruses and it is your responsibility to scan this email
> and any attachments for viruses.
>
> lis-e-resources is a UKSG list - http://www.uksg.org
> UKSG groups also available on Facebook and LinkedIn
> Follow us on Twitter: https://twitter.com/UKSG
lis-e-resources is a UKSG list - http://www.uksg.org
UKSG groups also available on Facebook and LinkedIn
Follow us on Twitter: https://twitter.com/UKSG
|