Gluu Blog

Shibboleth Identity Provider (IdP): What it is, and why you should consider a Managed Service

Michael Schwartz December 12, 2012

Shibboleth is among the world’s most widely deployed federated identity solutions, connecting users to applications both within and between organizations.

Many organizations choose to deploy a Shibboleth Identity Provider (IdP) rather than a commercial single sign-on solution because of its “built-in” privacy provisions and community-driven open-source development. Shibboleth also boasts a lightweight memory footprint and includes support for multi-party federations, like the InCommon Federation.

View our webinar: How 11+ Universities are Using Gluu EDU to normalize and support a Shibboleth IdP.

As a federated system, a Shibboleth IdP supports secure access to resources across security domains. Information about a user (known as attributes) is sent from the user's home identity provider (IdP) to a service provider (SP), which prepares that information for use in protecting sensitive content and for use by applications.

The Shibboleth software implements widely used federated identity standards, most notably the OASIS Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Without going into excessive detail, this is how the resource-access process happens between the person, the IdP and the SP:

  1. User Attempts to Access a Protected Resource
  2. SP Determines IdP and Issues Authentication Request
  3. User Authenticates to the IdP
  4. IdP Issues Response to SP
  5. User is redirected back to the SP
  6. Access is granted to the Protected Resource
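Steps 2 and 4 of the flow above, as an added Python example that is not Gluu's or Shibboleth's own code: the SP encodes an AuthnRequest and later ties the IdP's response back to that request. It assumes the SAML HTTP-Redirect binding for the request (the post does not name a binding), the URLs and entity IDs are whatever the caller passes in, and signature verification of the response is assumed to have happened before `check_response` runs.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "%Y-%m-%dT%H:%M:%SZ"

def build_authn_redirect(idp_sso_url, sp_entity_id, acs_url, relay_state):
    """Step 2: the SP builds an AuthnRequest for the HTTP-Redirect binding."""
    request_id = "_" + uuid.uuid4().hex  # remembered by the SP for step 4
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" ID="{request_id}" Version="2.0" '
           f'IssueInstant="{datetime.now(timezone.utc).strftime(FMT)}" '
           f'Destination="{idp_sso_url}" AssertionConsumerServiceURL="{acs_url}">'
           f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, as the binding requires
    packed = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode(),
                       "RelayState": relay_state})
    return request_id, f"{idp_sso_url}?{query}"

def decode_authn_redirect(url):
    """IdP side of step 2: undo URL-encoding, base64 and DEFLATE, then parse."""
    packed = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(packed, -15))

def check_response(response_xml, request_id, acs_url, sp_entity_id, now):
    """Step 4 at the SP: binding checks that run after signature verification
    (not shown). Returns a list of problems; empty means these checks passed."""
    root = ET.fromstring(response_xml)  # real SPs use a hardened XML parser
    problems = []
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo mismatch")
    if root.get("Destination") != acs_url:
        problems.append("Destination mismatch")
    if sp_entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("audience mismatch")
    cond = root.find(".//saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        problems.append("missing validity window")
    else:
        expiry = datetime.strptime(cond.get("NotOnOrAfter"), FMT)
        if now >= expiry.replace(tzinfo=timezone.utc):
            problems.append("assertion expired")
    return problems
```

The request ID returned by `build_authn_redirect` is what the SP stores in the user's session, so a response that was not solicited by this SP, or was issued for a different SP, fails the checks.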

Why Use a Managed Service for your Shibboleth IdP:

Configuring a Shibboleth Identity Provider involves technical know-how that can be expensive and time-consuming to obtain, and difficult to retain (i.e. retaining employees with this skill set). Identity management and federation protocols and software such as SAML and Shibboleth are increasingly a niche expertise, which explains why, among other reasons, ID as a Service (IDaaS) has seen a significant rise in popularity.

A subscription to the Gluu Server can help you reduce the costs associated with building and operating open source software, such as a Shibboleth IdP. The Gluu Server stack includes open source software that enables your organization to support the following open web standards: SAML, OAuth2, LDAP and RADIUS.

At Gluu, we employ Shibboleth Identity Provider experts so you don’t have to. With Gluu’s managed Shibboleth IdP service and open source product suite, you can add a layer of support for increasingly complex SAML SSO requirements, while also aligning with OAuth2 and decreasing dependence on highly specialized skill sets.

Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.