By justme on Mar 14, 2007
I have just completed the implementation for bulk federation. The code is under review now. Here is an abstract of a paper that I have written with the help of my co-workers
A typical process of federating a user between an identity provider and a service provider is 1. The user authenticates to his service provider; 2. He/she chooses an identity provider and authenticates with it. Once this is done, a name identifier is created and it is used to identify this user in both providers. Both providers keep this name identifier in the user's profiles to make the federation non transient. This name identifier is removed from the user's profiles when defederation happens. In this paper, we describe two sub commands in Command Line tool that helps an organization to federate users between an identity provider (IDP) and a service provider (SP) on their behalf.