...
- Shibboleth IdP (local) - Integrated with the local IdMS and operated locally, the baseline for comparison.
- ADFS IdP - Microsoft's SAML implementation for Active Directory, operated locally.
- SimpleSAMLphp IdP - An open source IdP written in PHP, integrated with the local IdMS and operated locally.
- Outsourced Shibboleth IdP - Shibboleth, integrated with the local IdMS and operated by a third party.
- Outsourced Vendor IdP - A non-Shibboleth SAML IdP, integrated with the local IdMS and operated by a third party, such as Ping Identity.
- CAS (local) with Outsourced IdP - A SAML IdP, either Shibboleth or vendor, integrated with the local IdMS and operated by a third party, that uses a local CAS deployment for authentication.
- Google Apps Gateway - An OIDC-to-SAML gateway, often operated by a third party, for institutions that make use of Google Apps for Education.
- Hub and Spoke (or Trusted Third Party) IdP - An IdP representing members of a well-defined group of institutions, such as a community college system or school district.
Fact finders were assigned to investigate each of these alternatives. See Alternative IdP Strategies and Assessment Criteria, which provides summaries of the alternatives' functional capabilities, effort and expertise required for deployment and operation, benefits, risks, and other pros and cons.
...