I am going in circles while determining the best, "lightweight" route to having both SAML and OAuth server capabilities.
Requirements
- Have a heavyweight SAML IdP perfectly running and integrated into apps (Shib)
- Users need to use a unique combo of authentication (yep, web/browser based, and at least for a while we don't foresee changing this browser requirement (embedded or otherwise))
Which of the following is a good trade-off?
- Run an independent (but under our control) OAuth server -- use the Shib IdP for authentication (SAML bearer token flow)
- Use U Chicago's MITRE-Shib OpenID Connect -- https://github.com/uchicago/shibboleth-oidc (not sure if the plain vanilla OAuth2 flavor is supported -- guessing it should be)
- Migrate to and use OpenAM -- monstrous work needed, I believe, to have a third-party authentication integrated
Any other simple, light ways to get this Shib IdP reused for OAuth2 tokens?
Yes, my ignorance of any workable solution -- happy to learn here.
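As an added illustration (not part of the original post), this is what the first option's "SAML bearer token flow" (the RFC 7522 SAML 2.0 assertion grant) looks like on the OAuth server side: the token request a client posts, and the checks the authorization server must make before exchanging the assertion for a token. The assertion, IdP entity ID and token endpoint URL are constructed sample values, and XML signature verification of the assertion is assumed to be done separately (e.g. with xmlsec) before these checks run.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed, unsigned sample assertion; a real one issued by the Shib IdP is signed.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_abc" IssueInstant="2024-01-01T00:00:00Z" Version="2.0">
<saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
<saml:Subject><saml:NameID>alice</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T00:05:00Z" Recipient="https://as.example.edu/token"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
<saml:AudienceRestriction><saml:Audience>https://as.example.edu/token</saml:Audience></saml:AudienceRestriction>
</saml:Conditions></saml:Assertion>"""

def build_token_request(assertion_xml: str, scope: str = "openid") -> str:
    """Form body the client posts to the token endpoint (RFC 7522 section 2.1): base64url, no padding."""
    assertion = base64.urlsafe_b64encode(assertion_xml.encode()).decode().rstrip("=")
    return urlencode({"grant_type": GRANT, "assertion": assertion, "scope": scope})

def parse_utc(s: str) -> dt.datetime:
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def validate_assertion(assertion_xml: str, expected_issuer: str, token_endpoint: str, now: dt.datetime):
    """Checks the AS must make before issuing a token (RFC 7522 section 3); returns the NameID or None.
    Signature verification is assumed to have happened already (hypothetical xmlsec step)."""
    root = ET.fromstring(assertion_xml)
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return None  # assertion must come from the trusted Shib IdP
    cond = root.find("saml:Conditions", NS)
    if cond is None or now >= parse_utc(cond.get("NotOnOrAfter")) or now < parse_utc(cond.get("NotBefore")):
        return None  # expired or not yet valid
    audiences = [a.text for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if token_endpoint not in audiences:
        return None  # assertion was issued for a different relying party
    sc = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    scd = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
    if sc is None or sc.get("Method") != BEARER or scd is None:
        return None  # only bearer confirmation is acceptable for this grant
    if scd.get("Recipient") != token_endpoint or now >= parse_utc(scd.get("NotOnOrAfter")):
        return None  # wrong recipient or stale confirmation data
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```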