Configuration How-To's
These sections provide descriptions of how to perform specific tasks sectioned off by SP, IdP, interoperability, and others.
Get your deployment to...
- BuildAFederation: This step-by-step guide describes how to create your own federation for SSO and your own community.
- SessionManagement: Shibboleth and applications it protects use a lot of types of sessions. Configure them for security and usability.
- EAuthenticationDeployment: Shibboleth 1.3 includes a certified eAuthentication compliant protocol handler
- IntegrateWithLDAP: Integrate your Shibboleth deployment with LDAP groups in an effective way.
- ShareNewAttribute: Add a new attribute to your bilateral or federated interactions.
- AlternateProfiles: Use attribute push and/or the Artifact profile.
Get an IdP to...
- AddSP: Communicate with a new SP
- Define, gather, and release a new attribute
- InteropWithOnedotOne: How to handle a 1.1 SP from a newer IdP
- CreateUsefulContainerLogs: configure the servlet container (Tomcat) to create useful, fine grained adjustable logs using log4j
- IdPMultipleFederations: Interoperating with multiple federations using one IdP
- Authenticate based on IP address: Optionally authenticate a user for a particular service based solely on their IP address, such as for kiosks and libraries.
- BlockStaleRequests: Detect when users hit the Back button or bookmark improperly.
- BlameSP: Report malformed AuthnRequest errors as the fault of the SP and not a local issue.
- Deny Unknown Providers: Deny requests sent from SPs for which no metadata can be found.
- Interoperate with a commerical SAML Service Provider: Have your IdP interoperate with a commercial Service Provider running SAML
Get a C++ SP to...
- SPMultipleRPs: Use a single SP with multiple relying parties, e.g. multiple federations
- AddSeparateApplication: Make an SP identify an application on the same webserver as a separate Application/providerId (eg for a vhost)
- NewSPAttribute: Add support for and acceptance of a new attribute for the SP
- LazySession: Take advantage of everything lazy sessions can do for the user experience
- SPForwardProxy: Deploy the SP in a forward-proxy web environment
- SPNoSSL: Deploy the SP behind SSL accelerators and load balancers
- InteropWithOnedotOne: How to handle a 1.1 IdP from a newer SP
- JavaContentProtection: Protect content within Java webapps protected by Shibboleth either directly or through mod_jk
- AccessControl: Protect content using static access control rules before serving pages
- DenyIdP: Restrict the ability of some IdPs within a federation to access a resource
- ExportAssertions: Expose raw SAML information via the HTTP_SHIB_ATTRIBUTES header
Packaged Application Integration
- ShibbolizedConfluence: One approach to integrating Shibboleth with the Confluence Wiki
- ShibbolizedBedework: One approach to integrating Shibboleth with Bedework (an open-source, enterprise calendar system for higher education).