Australian Access Federation Support Desk

Federated authentication for non web applications

by Dean Nottingham

A number of AAF Subscribers have expressed interest in using the federation to authenticate to non-web-based applications, e.g. as part of a PAM stack to perform SSH logins to servers.

Unfortunately, this is not currently possible with the technical solutions available to the AAF. However, work is being undertaken with the AAF and the NeCTAR project, as well as in the international community, to look for solutions to this problem, which is faced by all SAML federations.

The first is Shibboleth+ECP (Enhanced Client or Proxy); see http://wiki.aaf.edu.au/tech-info/identity-provider/enabling-ecp-support. The AAF and the NeCTAR project are investigating support for ECP.

The second is a project called Moonshot that is being undertaken in the United Kingdom. See http://project-moonshot.org for more details. The project currently states that "Moonshot must not be used on production systems" for security reasons.

There is a comparison of the two approaches available at http://digitalinnovators.wordpress.com/2011/09/13/browserless-fed-s....

The AAF has a watching brief on these projects and will continue to assess their progress. While they have made some advances, it is expected that the technologies will not be available for some time. Please be sure to subscribe to AAF technical newsletters and discussion lists, and we'll keep you informed when further information becomes available.
