Recently, the InCommon identity providers (IdPs) at Clemson University and University of Utah enabled support for SAML ECP ("Enhanced Client or Proxy"), which allows for the exchange of SAML attributes outside the context of a web browser. ECP support is very useful for non-browser cyberinfrastructure applications, such as shell-based access to campus computing clusters. CILogon staff worked with the Clemson and Utah IdP operators to verify that their IdPs' ECP support successfully enables access to CILogon certificate issuance outside the browser. In our experience, enabling ECP in current Shibboleth IdP deployments is a relatively straightforward process. This collaborative effort around SAML ECP was supported in part by the FeduShare project (NSF award 1440609), which is designing a system architecture supporting self-managed collaboration and federation of services for scientific research.
In addition to Clemson and Utah, the list of ECP-enabled IdPs working with CILogon includes: LIGO Scientific Collaboration, LTER Network, University of Chicago, University of Illinois at Urbana-Champaign, University of Michigan, University of Washington, and University of Wisconsin-Madison. If you'd like to use SAML ECP with CILogon, please contact us at firstname.lastname@example.org.