The Enhanced Client/Proxy profile is an extension to the SAML 2.0 protocol suite that adds support for non-browser tools and applications to establish a Shibboleth session.
Enabling ECP sessions requires several steps to be completed:
- Enable ECP in the Shibboleth SP configuration on the service to be accessed via ECP
- Register ECP support for this SP in the Federation Registry
- Enable ECP on all IdPs accessing this service
For testing ECP, there is a bash and python implementation of ECP at https://wiki.shibboleth.net/confluence/display/SHIB2/Contributions#Contributions-Other%2CRelated%2CContributions
- IdP ECP profile configuration: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPSAML2ECPProfileConfig
- SAML 2.0-Errata-5 notes on ECP and Metadata: http://docs.oasis-open.org/security/saml/v2.0/errata05/csprd01/saml-v2.0-errata05-csprd01.html#__RefHeading__8068_1983180497