A number of  AAF Subscribers have expressed interested in undertaking authentication using the federation for non web based applications, e.g As part of PAM stack to undertake SSH logins to servers.

Unfortunately this is "not" currently possible with the technical solutions available to the AAF. However, there is work being undertaken with the AAF and the NeCTAR project, as well as in the international community to look for solutions to this problem faced by all SAML Federations.

The first is Shibboleth+ECP (Enhanced Client or Proxy) see AAF and the NeCTAR project are investigating support for ECP.

The second is a project called Moonshot that is being undertaken in the United Kingdom. See for more details. The project currently states that "Moonshot must not be used on production systems" for security reasons.

There is a comparison of the two approaches available at

The AAF has a watching brief on these projects and will continue to assess their progress. While they have made some advances, it expected that the technologies will not be available for some time. Please be sure to subscribe to AAF technical newsletters and discussion lists and we'll keep you informed when further information becomes available.