Shibboleth for SSO at UC Davis
Shibboleth/SAML for SSO at UC Davis
What is Shibboleth and SAML?
- Shibboleth is an implementation of the SAML protocols and profiles for web single sign-on.
- SAML's strengths lie in secure, cross-domain (federated) authentication and authorization, maintaining privacy when necessary.
http://shibboleth.net/
https://wiki.shibboleth.net/confluence/display/SHIB2/UnderstandingShibboleth
- Federations allow scaling to potentially millions of users.
- UC Davis is a member of the InCommon (Internet2) and global eduGAIN Federations.
http://www.incommon.org/participants/
http://www.geant.org/Services/Trust_identity_and_security/eduGAIN
- We also participate in UCTrust, a subset of InCommon member institutions comprised of UC campuses, UC Office of the President, and affiliated research labs.
Why use Shibboleth/SAML?
- If you might (eventually) wish to share your application with non-UC Davis clients, e.g. another UC campus.
- When attributes such as name, email address etc. need to be made available to your application when a client logs in, e.g. for personalization.
- When attribute values might be required to make access/authorization decisions, e.g. client affiliation.
Shibboleth-enabled applications, use cases, demonstrations, authentication workflow and necessary technical skills
- https://wiki.shibboleth.net/confluence/display/SHIB2/ShibEnabled
- https://wiki.shibboleth.net/confluence/display/SHIB2/DemonstrationSites
- https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig
- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSkills
Steps to get started
Shibboleth SP Configuration Guide for installing an SP yourself
Supported platforms for the SP
https://wiki.shibboleth.net/confluence/display/SP3/ProtectContent
- Apache httpd
- Supports Tomcat through an AJP1.3 connector, e.g. mod_proxy_ajp
- Microsoft IIS
- FastCGI
- Nginx