The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.


While 3.0 is now released, some of this documentation is out of date or incomplete. It will remain so barring a decision by the Consortium to fund its completion as a work item, but we are working to gradually improve it as time permits. If you have important needs, raise them on the so we can prioritize the time we spend on topics.

This document provides an overview of the design of the Identity Provider and material necessary to assist anybody working on extensions. Deployers of the Identity Provider, especially those with advanced needs, may find the material in here useful as well, but we do not intend that it be necessary for most deployers to read it.

If you're interested in developing with the code, or contributing to it, refer to DevelopmentEnvironmentSetup for help in getting started.

  1. General Architecture
  2. Persistence
  3. Profile Handling
  4. Authentication
  5. Sessions
  6. Subject Canonicalization
  7. Attribute Resolver
  8. Attribute Filter
  9. Attribute Consent and Terms of Use
  10. Reloadable Configurations
  11. Administration
  12. Building Extensions

If you use Eclipse, there are some projects the team uses for development testing that you may find useful.

Some additional information can be found in these topics until we integrate it into this material:

  1. Developing Attribute Resolver Extensions