Greg,

    I knew you'd been putting a good deal of thought into this ... thanks for sharing with the community.

On 1/4/10 6:17 PM, J. Greg Mackinnon wrote:
Keep in mind that InCommon implements only the WAYF component of Shibboleth.  Organizations may choose to implement a non-Shibboleth IdP that produces Shibboleth-compatible assertions (as Shib people like to call them) or "claims" (as Microsoft and others call them).  Microsoft has created their own IdP called "ADFS" (Active Directory Federation Services).  ADFS is Shib compatible.  Most federation scenarios for SharePoint involve the use of ADFS.  There are some people who have gone the Shibboleth integration route, but they are riding the bleeding edge, and in something of a precarious support situation.  Owing to the complexity of the SharePoint technology stack, I really don't want to be out on the bleeding edge.  We cannot stand on it without getting badly cut (to extend the analogy).

We are already in our own precarious place right now with PartnerPoint.  No one really likes PartnerPoint... it is not really supportable, it likely will not be updated for compatibility with the 2010 version of SharePoint Services.  And yet, we have a fair number of PartnerPoint users for whom we need to provide a working alternative solution.  A bad situation to be in, and one that was brought on by a lack of respect for the dangers of bleeding edge technology.

After our last investigation into this issue, we concluded that there was no great solution for SharePoint federation.  We put this project on hold pending the release of ADFS v2 (just released late this fall) to see if new interoperability scenarios became available.  We also have been awaiting SharePoint 2010 documentation to see what the allegedly natively claims-aware version of the application can do for us.

To summarize... I have been thinking about this situation actively.  It is going to take more time before a solid and supportable solution becomes available.

-Greg

On 1/4/2010 5:59 PM, David Todd wrote:
Greg,

    Microsoft is an InCommon member, and I vaguely recall some discussion that they were implementing Shib in Sharepoint.  Is there some way you can check to see if that's in the Sharepoint roadmap?

On 1/4/10 5:53 PM, J. Greg Mackinnon wrote:
Some people are doing this... it is not trivial to configure, though.  We have been considering implementing federated single sign-on for SharePoint (presumably using Shibboleth in some capacity) for a while now.

However, one of the main problems with Shibboleth is that not everyone we want to collaborate with is a member of the "InCommon" federation (in fact, almost none of them are).  It is a chicken-and-egg problem... there is no reason to use Shib in your applications until other people have Shib Identity Providers (IdP), and other people have little motivation to implement an IdP unless you have an application for them to use it with.

As an interim solution, we have been considering the use of the "guestnet" account database (currently used for guest Wi-Fi access at UVM) as an additional authentication source for Shibboleth to allow external affiliates with no access to a Shibboleth infrastructure to sign on.

Anyway, we really need to start thinking seriously about how to make federated sign-on work for SharePoint.  PartnerPoint is proving itself unwieldy.

-Greg Mackinnon
ETS Systems Architecture and Administration

On 1/4/2010 3:13 PM, Andrew Hendrickson wrote:
Just a related geek question for the Sharepoint admins:  Can Sharepoint be connected to Shibboleth?

I'm not sure if this would apply in this situation but it may in other future situations.

Quoting Kevin Hytten, Mon, 04 Jan 2010:

Kieran,

Take a look at:

https://sharepoint.uvm.edu/SharePoint%20Howto/ExternalUsers.aspx

Here is information about what you are looking for - creating an
external user account.  Note, I think you need to have your site set up
first - you can create a new Sharepoint site here:

https://sharepoint.uvm.edu/default.aspx

Click on the link under "Create your own site..."

--Kevin


Kieran M. Killeen wrote:
Hello... I am interested in building a sharepoint site to facilitate collaboration across multiple universities. Can I create such a sharepoint site at UVM? Will I need to assign a unique ID and password for non-UVM employees to access such a sharepoint?

I appreciate any help you can provide. Thank you.