Shibboleth IDP: What it is, and why to consider a bundled platform like Gluu
Many people are interested in deploying a Shibboleth Identity Provider (IdP) to enable secure organizational single sign-on (SSO).
Shibboleth is a free, open-source web single sign-on system with rich attribute exchange based on open standards, most notably SAML. Shibboleth has widespread adoption in higher education and government due to "built in" privacy provisions that meet the privacy obligations of accredited schools and security-conscious organizations. Other benefits of Shibboleth include a lightweight memory footprint and support for multi-party federations, like InCommon.
As a federated system, a Shibboleth IdP supports secure access to resources across security domains. Information about a user, known as attributes, is sent from the user's home identity provider (IdP) to a service provider (SP), which uses the attributes to protect sensitive content and to make them available to applications.
These so-called federations, while not a purely technical construct, help providers trust each other in a scalable way. A typical use case is a person accessing a protected resource, authenticating at their identity provider, and ending up back at the resource logged in.
Without going into excessive detail, this is how the resource-access process actually happens, and how it fits with the IdP and SP configuration:
1. User Attempts to Access a Protected Resource
2. SP Determines IdP and Issues Authentication Request
3. User Authenticates to the IdP
4. IdP Issues Response to SP
5. Back to the SP
6. Access Granted to the Protected Resource
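To make the six steps concrete, here is a small model of the exchange with both sides' messages: the SP issues an AuthnRequest (steps 1 and 2), the IdP authenticates the user and returns a Response carrying an Assertion (steps 3 and 4), and the SP checks the Response before releasing attributes to the application (steps 5 and 6). It also shows the per-SP attribute release policy behind the "privacy provisions" mentioned above. This is an added teaching example, not code from the original article or from Shibboleth or Gluu; it uses only the Python standard library, and the entity IDs, URLs, user record and release policy are constructed placeholders. A real SP additionally verifies the XML-DSig signature on the Response against the IdP's metadata certificate; that step is marked but not implemented here.

```python
"""Model of the SAML Web Browser SSO exchange (steps 1-6). Added example; not
Shibboleth or Gluu code. All identifiers below are constructed placeholders."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed configuration; in practice both sides learn it from exchanged metadata.
SP_ENTITY_ID = "https://sp.example.edu/shibboleth"
SP_ACS_URL = "https://sp.example.edu/Shibboleth.sso/SAML2/POST"
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
IDP_SSO_URL = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"
CLOCK_SKEW = timedelta(minutes=1)


def q(ns, local):
    """Clark-notation tag, e.g. {urn:oasis:names:tc:SAML:2.0:protocol}Response."""
    return f"{{{ns}}}{local}"


def saml_time(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_saml_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class ServiceProvider:
    """Steps 1, 2, 5, 6: issue the AuthnRequest, then validate the Response."""

    def __init__(self):
        self.pending = {}             # request ID -> issue time; rejects unsolicited responses
        self.seen_assertions = set()  # accepted assertion IDs; rejects replay

    def build_authn_request(self):
        req_id = "_" + secrets.token_hex(16)
        self.pending[req_id] = datetime.now(timezone.utc)
        root = ET.Element(q(SAMLP, "AuthnRequest"), {
            "ID": req_id, "Version": "2.0", "IssueInstant": saml_time(self.pending[req_id]),
            "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": SP_ACS_URL})
        ET.SubElement(root, q(SAML, "Issuer")).text = SP_ENTITY_ID
        return ET.tostring(root, encoding="unicode")

    def consume_response(self, xml_text):
        """Return the released attributes, or raise ValueError if any check fails."""
        root = ET.fromstring(xml_text)
        if root.tag != q(SAMLP, "Response"):
            raise ValueError("not a samlp:Response")
        # A real SP verifies the XML-DSig signature here, against the IdP's metadata
        # certificate, before trusting anything below. Omitted in this model.
        if root.get("Destination") != SP_ACS_URL:
            raise ValueError("Destination is not our ACS URL")
        if root.get("InResponseTo") not in self.pending:
            raise ValueError("unsolicited or replayed response")
        del self.pending[root.get("InResponseTo")]
        status = root.find(f"{q(SAMLP, 'Status')}/{q(SAMLP, 'StatusCode')}")
        if status is None or status.get("Value") != STATUS_SUCCESS:
            raise ValueError("IdP did not report success")
        assertion = root.find(q(SAML, "Assertion"))
        if assertion is None or assertion.findtext(q(SAML, "Issuer")) != IDP_ENTITY_ID:
            raise ValueError("missing assertion or untrusted issuer")
        if assertion.get("ID") in self.seen_assertions:
            raise ValueError("assertion replayed")
        self.seen_assertions.add(assertion.get("ID"))
        cond = assertion.find(q(SAML, "Conditions"))
        now = datetime.now(timezone.utc)
        if not (parse_saml_time(cond.get("NotBefore")) - CLOCK_SKEW <= now
                < parse_saml_time(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
            raise ValueError("assertion outside its validity window")
        if SP_ENTITY_ID not in [a.text for a in cond.iter(q(SAML, "Audience"))]:
            raise ValueError("assertion was issued for a different SP")
        attrs = {"nameid": assertion.findtext(f"{q(SAML, 'Subject')}/{q(SAML, 'NameID')}")}
        for attr in assertion.iter(q(SAML, "Attribute")):
            attrs[attr.get("Name")] = attr.findtext(q(SAML, "AttributeValue"))
        return attrs  # step 6: handed to the application


class IdentityProvider:
    """Steps 3 and 4: authenticate the user, issue a Response scoped to one SP."""

    # Constructed user store and per-SP release policy: only listed attributes leave the IdP.
    USERS = {"jdoe": {"password": "correct-horse", "mail": "jdoe@example.edu",
                      "eduPersonAffiliation": "member", "employeeNumber": "0042"}}
    RELEASE_POLICY = {SP_ENTITY_ID: ["mail", "eduPersonAffiliation"]}

    def handle_authn_request(self, xml_text, username, password):
        req = ET.fromstring(xml_text)
        sp = req.findtext(q(SAML, "Issuer"))
        if req.tag != q(SAMLP, "AuthnRequest") or sp not in self.RELEASE_POLICY:
            raise ValueError("not an AuthnRequest from a registered SP")
        if req.get("AssertionConsumerServiceURL") != SP_ACS_URL:  # must match metadata
            raise ValueError("ACS URL not registered for this SP")
        user = self.USERS.get(username)
        if user is None or not secrets.compare_digest(user["password"], password):
            raise PermissionError("authentication failed")
        now = datetime.now(timezone.utc)
        resp = ET.Element(q(SAMLP, "Response"), {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": saml_time(now),
            "Destination": SP_ACS_URL, "InResponseTo": req.get("ID")})
        ET.SubElement(resp, q(SAML, "Issuer")).text = IDP_ENTITY_ID
        ET.SubElement(ET.SubElement(resp, q(SAMLP, "Status")), q(SAMLP, "StatusCode"),
                      {"Value": STATUS_SUCCESS})
        a = ET.SubElement(resp, q(SAML, "Assertion"), {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": saml_time(now)})
        ET.SubElement(a, q(SAML, "Issuer")).text = IDP_ENTITY_ID
        ET.SubElement(ET.SubElement(a, q(SAML, "Subject")), q(SAML, "NameID")).text = username
        cond = ET.SubElement(a, q(SAML, "Conditions"), {
            "NotBefore": saml_time(now), "NotOnOrAfter": saml_time(now + timedelta(minutes=5))})
        ET.SubElement(ET.SubElement(cond, q(SAML, "AudienceRestriction")), q(SAML, "Audience")).text = sp
        stmt = ET.SubElement(a, q(SAML, "AttributeStatement"))
        for name in self.RELEASE_POLICY[sp]:
            attr = ET.SubElement(stmt, q(SAML, "Attribute"), {"Name": name})
            ET.SubElement(attr, q(SAML, "AttributeValue")).text = user[name]
        return ET.tostring(resp, encoding="unicode")


def run_sso(username, password):
    """Drive one complete exchange and return what the SP hands to the application."""
    sp, idp = ServiceProvider(), IdentityProvider()
    request = sp.build_authn_request()                                # steps 1-2
    response = idp.handle_authn_request(request, username, password)  # steps 3-4
    return sp.consume_response(response)                              # steps 5-6
```

Running `run_sso("jdoe", "correct-horse")` returns only the NameID plus the two attributes the release policy allows for this SP; `employeeNumber` never leaves the IdP. Feeding the same Response to the SP twice fails the InResponseTo check, and a Response whose Audience names another SP is refused even though everything else in it is valid, which is why the SP checks Destination, InResponseTo, issuer, validity window and audience rather than trusting the assertion on arrival.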
Why Use the Gluu Server for your Shibboleth IdP:
Configuring and operating a Shibboleth Identity Provider and a comprehensive SSO service involves technical know-how that can be time consuming to obtain and expensive to retain (i.e., keeping employees with the necessary skill sets). The Gluu Server makes deployment of the Shibboleth IdP simple through our open source packages. It allows you to avoid the trouble of building Shibboleth from source, and also equips you with a graphical user interface for easy management, along with support for newer federation protocols like OpenID Connect and UMA.
Shibboleth on its own is a very solid product. However, SAML has in many ways plateaued, and if you want to get the most out of your investment, you should consider future-proofing your solution by supporting newer OAuth 2.0 based technologies.