Configuring Shibboleth

Taking a Shibboleth !IdP or SP to production must be done carefully. The default packaging and installation of the components involves trusting test providers and federations which are unsecured. Access by these providers should be removed or strictly limited before going towards production using the steps described below.

IdP Configuration

Configuration by Topic: Comprehensive configuration information divided by function
Production Configuration Guide: Steps to move from the initial install to a production ready system
Common Errors: A list of common errors and resolutions
Upgrading an existing IdP: Upgrading from version 1.2 to 1.3 and updating existing 1.3 installs
Deploying in a Load Balanced Environment: Instructions for deploying in a load balanced environment
MsADFSIntegration: Integrating Microsoft's ADFS with the IdP

Native SP Configuration:

Configuration by Topic: Comprehensive configuration information divided by function
Production Configuration Guide: Steps to move from the initial install to a production ready system
Common Errors: A set of solutions to common errors encountered
Upgrading an existing SP: Upgrading an existing 1.3 install
Deploying in a Load Balanced Environment: Instructions for deploying in a load balanced environment
MsADFSIntegration: Integrating Microsoft's ADFS with the SP

The WAYF

There are also several important user interface considerations to ensure access is intuitive. The only significant hurdle here is the WAYF service, which requires individuals to select their home institution. The problem gets stickier with multiple federations and protection systems. There are many ways to handle this, but deployers should be careful to protect the ability to select different institutions when necessary.

IdP Discovery Service (WAYF): Use portals, buttons, and cookies to affect WAYF behavior

Miscellaneous Production Information

DistributedProtection: Some appropriate ways to enable webapps and pages to specify their own protection while maintaining privacy

Browser not supported