IdP Platform Recommendations

NOTE: the recommendations herein are just that, recommendations. Many other hardware/software variations can be used successfully; this is simply meant to give you an idea of what types of systems you should be looking at.

Hardware

The following hardware is sufficient for deploying an IdP that could be used to learn about Shibboleth and demonstrate a small exemplar use case (on the order of 25-40 logins per minute).

The following hardware is suited for a production deployment supporting around 150 simultaneous requests.

To increase availability, the production machines should have their hard drives mirrored (RAID 1). The use of multiple servers and load-balancing hardware is also suggested.

Single vs. Multiple (Core) Processors

Unlike most web applications, the IdP is CPU bound because of the large number of cryptographic operations it performs. Most multi-core systems sacrifice some CPU speed, because of thermal issues, in order to fit more cores on the CPU. Since Java 1.5 most JVMs do scale across cores, but our recommendation is still that faster cores are the better option over more cores. This results in lower response times (because the crypto operations complete more quickly) but slightly less overall throughput.

Software

Generally the IdP is run within Tomcat with an Apache HTTP server front end. Apache 2 and Java 1.5 are recommended. Be sure to tune both Apache and the JVM used by Tomcat appropriately.

Apache Tuning

The most influential tuning within Apache is the MPM used and how it's configured. The worker MPM is strongly encouraged. We recommend very few servers and a fair number of threads within each (maybe 3-5 servers and 75-100 threads).
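As an added illustration (not a fragment from the Shibboleth project's own documentation), the following Apache 2.2 worker MPM block expresses the "few servers, many threads" guidance above: at most 5 child processes, 100 threads each. The values assume the ceiling of the ranges given; scale them down for smaller machines.

```apache
# Worker MPM sizing for an IdP front end (illustrative values).
# ServerLimit and ThreadLimit are hard caps and must precede the
# directives they bound; MaxClients must equal ServerLimit * ThreadsPerChild.
<IfModule mpm_worker_module>
    ServerLimit           5     # at most 5 child processes
    ThreadLimit         100     # cap on ThreadsPerChild
    StartServers          3     # start with 3 processes (3-5 recommended)
    ThreadsPerChild     100     # 75-100 threads per process recommended
    MinSpareThreads      75     # keep at least ~one process worth of idle threads
    MaxSpareThreads     250     # avoid tearing down processes too eagerly
    MaxClients          500     # 5 processes * 100 threads
    MaxRequestsPerChild   0     # never recycle processes on request count
</IfModule>
```

Run `httpd -V` and check for `Server MPM: Worker` (or `httpd -l` listing `worker.c`) before relying on this block; a prefork build silently ignores it.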

JVM Tuning

Proper tuning of the JVM is the single most important factor in IdP performance (assuming you don't choke connections with unreasonably restrictive Apache configs). Assuming a Sun JVM, the following items should be configured: