NativeSPSkills

The primary skills required to support the Shibboleth SP successfully are the same skills required to run the underlying web server platform in a production fashion. In other words, using the SP with Apache requires that you understand Apache well, and the same for IIS, etc. If you don't have those skills, it is suggested that you find somebody who does, because you may spend much of your time floundering with issues that have nothing much to do with the SP itself.

In addition to those basic skills, the following are generally required to work with the SP successfully and diagnose problems:

  • standard OS-level knowledge (e.g., how to deal with software installation/uninstallation, manipulate/edit configuration files, start/stop processes, etc.)
  • a basic working knowledge of public key cryptography, similar to the kinds of skills needed to deploy SSL certificates
  • a good working knowledge of XML, how to edit and sanity-check it, diagnose parser error messages, etc.
  • a basic understanding of the web at the level of cookies, redirects, forms, etc.
  • a basic understanding of web authentication

Identity providers and federations can supply configuration instructions and files to help make things easier, but some Shibboleth configuration requires a thorough understanding of the application and webspace itself.

If load balancing or proxying will be used, an understanding of how the proxying and load balancing works is very beneficial, especially with regard to the impact on TLS/SSL usage and how URL virtualization is supported on the chosen web server. Note that IIS does not support such virtualization and the workarounds to make it appear to support this are not for the faint of heart.

The most important aspects of application integration are discussed in "Shibbolizing" a Resource.