Third Party Extensions

These independent projects aim to extend the functionality of the standard Shibboleth software in various ways. Some make use of the standard extensions mechanism built into Shibboleth, while others require more invasive patching of the Shibboleth code.

IdP Extensions

HA Shib

Provided By: Georgetown University
URL: https://www.middleware.georgetown.edu/confluence/display/MW/hashib
Shibboleth increasingly contains in-memory state, be it handle/principal mappings, artifact/assertion mappings, etc. For organizations that wish to deploy multiple Shibboleth instances and provide fail-over or load balancing functionality this in-memory state can present a problem. This project is a Shibboleth 1.3 extension that replicates the in-memory state information between nodes.

ShARPE

Provided By: Meta Access Management System Project
URL: http://federation.org.au/ShARPE
ShARPE's aim is to manage the creation and maintenance of user's attributes as defined by Attribute Release Policy (ARP) mechanism of Shibboleth. In particular, ShARPE allows admins and users to easily manage their release attribute policy in a way that conforms to their privacy and satisfaction of users in gaining the services that they want.

ARP Constraints

Provided By: University of Southern California
URL: http://its.usc.edu/~bbellina/gds/software/shibboleth/
Note: This feature is included in Shibboleth 1.3.1, so this patch is only necessary for versions prior to that. The Shibboleth ARP Rule Constraint is a patch for Shibboleth 1.3 IdP to allow ARPs to constrain the release of attributes to Service Providers based on the values of user attributes. This patch is a direct port of the ARP Constraint code that will be included in Shibboleth 2.0 and is backward compatible with existing Shibboleth 1.3 ARPs.

Deny Anonymous Auth

Provided By: University of Southern California
URL: http://its.usc.edu/~bbellina/gds/software/shibboleth/anondeny/
Note: This feature is included in Shibboleth 1.3.1, so this patch is only necessary for versions prior to that. The Shibboleth Deny Anonymous SP is a patch for Shibboleth 1.3 IdP to deny access to anonymous Service Providers. The patch allows a configuration option which by default is set to allow anonymous access, which matches the default behavior of unpatched Shibboleth 1.3. When the option is set to deny access to anonymous SPs any attempt by a SP to retrieve assertions from the IdP will result in an denial error message.