  • Universities are showing increased interest in allowing certain classes of potential users to authenticate via Social IdPs (Twitter, Facebook, Gmail, Yahoo, ...) and access SAML-protected services and resources. The only path open at present is to rely on a Social2SAML gateway of some sort that authenticates a user via a social IdP and then transforms the result into a SAML authentication and attribute assertion. Since multiple gateways already exist, the transformation is being accomplished in multiple ways. There is wide agreement that gateways are always a sub-optimal solution, but they are hard to get rid of once usage is entrenched. The ideal would be to include multiple protocol support in the native SP package. Now is the time to see if gateway providers can agree on how social IdP information is represented in SAML assertions. If we have one way, or a small number of ways, of doing this, it becomes easier to incorporate that support in a native SP package.