Shibboleth IDP: what it is, and why to consider a platform like Gluu
Shibboleth is a free open source web single sign-on (SSO) system with rich attribute-exchange based on open standards, most notably SAML.
Shibboleth has widespread adoption at higher education and government organizations due to “built-in” privacy provisions that meet the obligations of accredited schools and security-conscious organizations. Other benefits include a lightweight memory footprint and support for multi-party federations, like InCommon, which provide tools (software) and rules (legal agreements) for autonomous organizations to establish trust with each other at scale.
As a federated system, a Shibboleth IDP supports secure access to resources across security domains. Information about a user, known as attributes, is sent from a home identity provider (IDP) to a service provider (SP), which prepares the information for protection of sensitive content and use by applications.
A typical user flow between the Shibboleth IDP and SP is outlined below:
- User attempts to access a protected resource at an SP
- SP determines which IDP to send the user to for login, and issues an authentication request
- User authenticates to the IDP
- IDP issues a response to the SP
- The user is redirected back to the SP
- Access to the protected resource is granted or denied.
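The flow above, sketched as an added example (not code from Shibboleth or Gluu): the SP encodes its authentication request for the SAML HTTP-Redirect binding, the IDP side decodes it, and the SP checks that a response is bound to that request before granting access. The entity ID, endpoint URLs, timestamp and the unsigned sample response are constructed assumptions; a real SP must verify the IDP's XML signature and the assertion's validity window before trusting any of these fields.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = "urn:oasis:names:tc:SAML:2.0:"
P, A, SUCCESS = NS + "protocol", NS + "assertion", NS + "status:Success"
# Constructed sample values: the entity ID and both endpoint URLs are hypothetical.
SP_ID = "https://sp.example.org/shibboleth"
ACS = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
IDP_SSO = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"

def build_redirect(issue_instant="2024-01-01T00:00:00Z"):
    """Flow step 2: SP builds the AuthnRequest (issue_instant is a constructed value)."""
    req_id = "_" + uuid.uuid4().hex  # unguessable; the SP keeps it in the user's session
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{P}" xmlns:saml="{A}" ID="{req_id}" '
           f'Version="2.0" IssueInstant="{issue_instant}" Destination="{IDP_SSO}" '
           f'AssertionConsumerServiceURL="{ACS}"><saml:Issuer>{SP_ID}</saml:Issuer>'
           f'</samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)  # HTTP-Redirect binding uses raw DEFLATE
    packed = deflater.compress(xml.encode()) + deflater.flush()
    return req_id, IDP_SSO + "?" + urlencode({"SAMLRequest": base64.b64encode(packed).decode()})

def decode_redirect(url):
    """IDP side: recover the AuthnRequest element from the redirect URL."""
    packed = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(packed, -15))

def sample_response(in_response_to, audience=SP_ID, destination=ACS):
    """Constructed, unsigned stand-in for the IDP's Response in flow step 4."""
    return (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" ID="_r1" Version="2.0" '
            f'InResponseTo="{in_response_to}" Destination="{destination}"><samlp:Status>'
            f'<samlp:StatusCode Value="{SUCCESS}"/></samlp:Status><saml:Assertion>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'</saml:Assertion></samlp:Response>')

def sp_decision(resp_xml, expected_req_id):
    """Flow step 6: binding checks the SP runs once the signature has verified."""
    resp = ET.fromstring(resp_xml)
    if resp.get("InResponseTo") != expected_req_id:
        return "deny: not a reply to this session's request"
    if resp.get("Destination") != ACS:
        return "deny: addressed to another endpoint"
    code = resp.find(f"{{{P}}}Status/{{{P}}}StatusCode")
    if code is None or code.get("Value") != SUCCESS:
        return "deny: IDP did not report success"
    aud = resp.find(f".//{{{A}}}Audience")
    if aud is None or aud.text != SP_ID:
        return "deny: assertion issued for another SP"
    return "grant"
```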
Gluu Server vs. Shibboleth IDP
Deploying, configuring and operating a Shibboleth IDP (and comprehensive SSO service) is not an insignificant undertaking. In addition, a SAML IDP like Shibboleth is, on its own, not enough to deliver a modern SSO service for web and mobile applications.
When we started Gluu in 2009, our mission was to build a utility platform organizations could use to deliver a robust SSO service using free open source software, including, but not limited to, the Shibboleth IDP. Additional open source components in the Gluu Server include an OpenID Connect Provider (OP) and UMA Authorization Server (AS) for modern web and mobile SSO and API access management requirements; authentication middleware to support inbound identity requirements like Social Login; and an LDAP directory service to store data needed and generated by the service.
Without all of the above, it is impossible to support modern identity & access management (IAM) requirements for web and mobile applications.
In addition, features are only half the battle. Authentication systems are mission-critical IT infrastructure that requires continual care and feeding. In an effort to reduce total cost of ownership (TCO), we’ve also invested significantly in making the Gluu Server easy to install, back up, and operate. And we offer free and VIP support to help grow the community of DIYers and professionals who understand digital identity.
Net-net, if you have SSO/IAM requirements and you’ve decided you want to use free open source software, do yourself a favor and give the Gluu Server a spin.