Date: Fri, 29 Mar 2024 09:15:38 +0000 (UTC) Message-ID: <652999975.23.1711703738192@f725ed78bc69> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_22_1012668605.1711703738192" ------=_Part_22_1012668605.1711703738192 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
We get a lot of confused or mistaken requests to =E2=80=9Cjoin= =E2=80=9D the Consortium from people who are not clear on what Shibboleth i= s and isn=E2=80=99t. If you=E2=80=99re being asked to =E2=80=9Cjoin=E2=80= =9D, =E2=80=9Cconnect=E2=80=9D, or =E2=80=9Csupport=E2=80=9D Shibboleth and= you get referred here, it=E2=80=99s an attempt to save us time and hopeful= ly address that confusion.
We=E2=80=99re an open source software project that makes software to sup= port SAML, OpenID Connect, and in general various kinds of standards suppor= ting =E2=80=9Cfederated web single sign-on=E2=80=9D, the ability to log int= o web sites efficiently using a central component called an Identity Provid= er acting as a login service for many applications that may live in many di= fferent organizations.
Our software is =E2=80=9Cjust=E2=80=9D software, and has to be installed= and managed by somebody to do what it does. We are not a = service, and we do not host our software for other people or provide a shar= ed environment you connect to by paying us. We do not provide accounts for = end users, we do not see any transactions our software may be used to suppo= rt, and we are not in the middle of any relationship you have with anybody = you get service from (e.g., we don=E2=80=99t deal with libraries, journals,= contracts, etc.).
In particular, we are not a service that provides subscriptions= to any online resources such as library journals or databases. Our softwar= e is a means to manage access to those resources in place of other mechansi= sms such as proxy servers or IP restrictions, but we do not provide the sub= scriptions. That is a matter between your organization and those services. = Paying us gets you access to none of them.
If you=E2=80=99re asked to support it for an application or service, wha= t the person asking is really saying (imprecisely if not incorrectly) is th= at they want you to support federated login to your particular web service/= platform, generally via SAML. They want you to let their users log into you= r services using their local credentials via their local login server inste= ad of requiring a password issued by you or by Google or whatever solution = you might be using.
Our =E2=80=9Cniche=E2=80=9D is higher education, where there are large f= ederations of universities and service providers that work together on the = federated login problem using the SAML standard. Our software is not unique= to that use case, nor to SAML, but that=E2=80=99s where we have mindshare = so that=E2=80=99s usually the source of inquiries.
Supporting the SAML standard, whether in higher education or some other = sector does not require using our software. It does mean deploying= some kind of new software in your infrastructure/platform that changes how= you do something very, very critical and so is not a simple task or someth= ing to do on a whim. You will need help from IT staff, either yours or from= a third party. And you will have to change things. There are ways to suppo= rt this feature with more or less =E2=80=9Cinvasiveness=E2=80=9D but there = are no =E2=80=9Czero-footprint=E2=80=9D options.
Our software has pros and cons like any other way of doing anything. It = takes research and experience to know how to find the right solution for an= y technical problem, and chances are if you=E2=80=99re very new to the issu= e, Shibboleth won=E2=80=99t be a great fit. We make complex software for co= mplex needs and we assume a lot of knowledge up front, as is common with op= en source.
If you are part of an organization with users that access resources and = services managed by other organizations and you want, or somebody has asked= you, to support Shibboleth for that access, they are asking you to support= federated login by your users (using your existing credentials) to other s= ervices, generally via SAML. You would then have to decide on an approach t= o deliver an Identity Provider technical solution to enable this to happen,= either with software you install and run (like Shibboleth) or by buying a = service from somebody else.
Our =E2=80=9Cniche=E2=80=9D is higher education, where there are large f= ederations of universities and service providers that work together on the = federated login problem using the SAML standard. Our software is not unique= to that use case, nor to SAML, but that=E2=80=99s where we have mindshare = so that=E2=80=99s usually the source of inquiries.
No and yes.
Our software is free under the Apache 2.0 soft= ware license and anybody can download or install it, there is no regist= ration process, and no charge, for any sort of use.
We are, again, not a service you connect to, so you cannot pay us to run= our software for you. There are companies that do offer that sort of thing= (see the Commercial Support section of https://www.shibboleth.net/support/ ).
The technical support options we make available are a mix of free/open t= o all and restricted options for members. See https://wiki.= shibboleth.net/confluence/display/consort/Technical+Support+Options for= a summary. So it is possible to run it for free, and get free help from th= e community at times for relatively simple problems.
On the other hand, once you become a deployer of our software, and parti= cularly if it=E2=80=99s for a commercial purpose, you should consider that = you=E2=80=99re freeloading by taking what we make and not giving anything b= ack. We only survive as a project because of the money people are willing t= o give us voluntarily. When that stops, we stop. Open source doesn=E2=80=99= t survive when it=E2=80=99s literally unfunded. If you use the software, yo= u should pay for that, and in return you will get some benefit back in the = form of access to the developers for help, and a stronger voice in developm= ent priorities.
See https://www.shibbol= eth.net/membership/ for the details on this, but do understand that thi= s is voluntary and not a condition of using the software, nor does it get y= ou any kind of running instance of the software or an =E2=80=9Caccount=E2= =80=9D or some sort of turnkey answer.