Closed lahmann closed 7 years ago
nichtich
commented
9 years ago I am not familiar with Shibboleth so a more detailed user story would help to judge. However I suppose that Shibboleth can be supported as alternative authentification method by replacing PAIA auth with another service. I am not sure about the relationship between OAuth2 and Shibboleth, maybe general support of OAuth2 (#51) could further simplify support of Shibboleth.
tzeumer
commented
8 years ago I wonder, exists a solution now? Maybe with a how to? :)
olli-gold
commented
8 years ago With an admittedly limited knowledge of Shibboleth I guess that supporting Shibboleth for PAIA would require a Service Provider implementation, which could generate the access token for PAIA and an Identity Provider containing the patron authentication information. For any PAIA request the access token could get used. But I guess there is no Service Provider implemented yet, bypassing PAIA Auth to generate an access token. Or am I wrong with that?
nichtich
commented
8 years ago olli-gold is right. To further integrate Shibboleth and PAIA and documentation, a use case with an existing Identity Provider is needed. But I think that OAuth comes first.
nichtich
commented
7 years ago This ins unlikely to make it into the specification. See #62 for plans for further integration of OAuth instead.
Is there any solution at hand to use a PAIA webservice in combination with Shibboleth if the PAIA webservice is queried by a client which got authorized through Shibboleth? Or is this a scenario where https://github.com/gbv/paia/issues/42#issuecomment-92818240 would apply?