Currently, Option 1 is the preferred option as it presents the most flexible and capable solution. Option 2 lacks flexibility, and Option 3 has undesirable implications for managing attribute release.
Option 1 - Using the ABFAB IDP/RPP FreeRadius modules
- Here you will find instructions on how to configure the ABFAB IDP FreeRadius module to issue SAML assertions from the RADIUS IdP.
- Here is information on another option for handling SAML assertions (for use with very simple deployments or for testing purposes only).
Option 3 - Using an existing SAML Identity Provider
- Here you will find instructions on what to do if your organisation already has a SAML Identity provider and wishes to re-use that to issue SAML assertions.
- This page includes instructions on how to configure software to issue SAML on the same server as the RADIUS server.