One thing to keep in mind is that the EZProxy SP implementation is not
quite as full-featured as the native Shibboleth SP client. We
discovered that EZProxy's SP could not handle chaining attribute
authorities, which pretty much ruled that path out for us. So we ended
up setting up a simple shib-enabled proxy server application, which does
all the authentication and authorization, then passes a verified request
along to EZProxy.
But if your use case is simple (all your attributes come from the same
IdP that handles the authentication), EZProxy's built-in SP should be fine.
On 05/26/2016 01:39 PM, Michael Berkowski wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi all,
> We're doing early investigation into switching our hosted ILLiad from LDAP
> authentication over to Shibboleth for a few continuity & usability reasons.
> Based on my reading of ILLiad documentation, Shibboleth can be accomplished
> via a RemoteAuth delegation, but for hosted ILLiad it must go through EZproxy.
> That's fine -- we would appreciate the flexibility EZproxy could provide.
> I would be interested to hear from the community if any of you have delegated
> ILLiad's auth through EZproxy, Shibboleth or otherwise, hosted or local
> EZproxy. I've found a few older presentation slides & EZproxy list
> discussions on it; setup seems more or less straightforward for EZproxy. Did
> anything catch you by surprise?
> - --
> Michael Berkowski
> University of Minnesota Libraries
> [log in to unmask]
> PGP Public Key: http://z.umn.edu/mjbpubkey
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> -----END PGP SIGNATURE-----
Shared Development Group
General Library System
University of Wisconsin - Madison