Configuration How-To's

These sections provide descriptions of how to perform specific tasks sectioned off by SP, IdP, interoperability, and others.

BuildAFederation: This step-by-step guide describes how to create your own federation for SSO and your own community.
SessionManagement: Shibboleth and applications it protects use a lot of types of sessions. Configure them for security and usability.
EAuthenticationDeployment: Shibboleth 1.3 includes a certified eAuthentication compliant protocol handler
IntegrateWithLDAP: Integrate your Shibboleth deployment with LDAP groups in an effective way.
ShareNewAttribute: Add a new attribute to your bilateral or federated interactions.
AlternateProfiles: Use attribute push and/or the Artifact profile.

AddSP: Communicate with a new SP
Define, gather, and release a new attribute
InteropWithOnedotOne: How to handle a 1.1 SP from a newer IdP
CreateUsefulContainerLogs: configure the servlet container (Tomcat) to create useful, fine grained adjustable logs using log4j
IdPMultipleFederations: Interoperating with multiple federations using one IdP
Authenticate based on IP address: Optionally authenticate a user for a particular service based solely on their IP address, such as for kiosks and libraries.
BlockStaleRequests: Detect when users hit the Back button or bookmark improperly.
BlameSP: Report malformed AuthnRequest errors as the fault of the SP and not a local issue.
Deny Unknown Providers: Deny requests sent from SPs for which no metadata can be found.
Interoperate with a commerical SAML Service Provider: Have your IdP interoperate with a commercial Service Provider running SAML

SPMultipleRPs: Use a single SP with multiple relying parties, e.g. multiple federations
AddSeparateApplication: Make an SP identify an application on the same webserver as a separate Application/providerId (eg for a vhost)
NewSPAttribute: Add support for and acceptance of a new attribute for the SP
LazySession: Take advantage of everything lazy sessions can do for the user experience
SPForwardProxy: Deploy the SP in a forward-proxy web environment
SPNoSSL: Deploy the SP behind SSL accelerators and load balancers
InteropWithOnedotOne: How to handle a 1.1 IdP from a newer SP
JavaContentProtection: Protect content within Java webapps protected by Shibboleth either directly or through mod_jk
AccessControl: Protect content using static access control rules before serving pages
DenyIdP: Restrict the ability of some IdPs within a federation to access a resource
ExportAssertions: Expose raw SAML information via the HTTP_SHIB_ATTRIBUTES header

ShibbolizedConfluence: One approach to integrating Shibboleth with the Confluence Wiki
ShibbolizedBedework: One approach to integrating Shibboleth with Bedework (an open-source, enterprise calendar system for higher education).

ConfigurationHowTos