Contributions

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

Shibboleth 2 Contributions and Extensions

Identity Provider Extensions

The following extensions are software components that may be installed into the Shibboleth 2 Identity Provider.

| Extension | Supported IdP Versions | Maintainer Contact Info. | Description |
|---|---|---|---|
| uApprove | 2.3 | aai@switch.ch | Extension that enables users to consent to the release of attributes. |
| uApprove JP | 2.x | GakuNin | Forked version of uApprove (above), which allows users to select attributes to be released. |
| GridShib for Shib2 | ? | gridshib-users@globus.org | Enables the IdP to issue Holder-of-Key SAML assertions. |
| X.509 Login Handler | 2.3 | aai@switch.ch | The x509-login-handler implements an authentication handler for the Shibboleth IdP and will set the authentication context class urn:oasis:names:tc:SAML:2.0:ac:classes:X509. |
| IdP Audit Log Analysis Tool | 2.x, 3.x | dev@shibboleth.net (subscription required) | Provides IdP usage statistics by analyzing audit log files. |
| shlook | 2.X | bbellina@usc.edu | IdP monitoring script for graphing Shibboleth usage. |
| ECP | 2.x | users@shibboleth.net (subscription required) | Provides ECP support. Note: ECP support was rolled into the main IdP distribution in version 2.3; do not attempt to use this plugin with that or any future version. |
| RESTful webservice connector | 2.x | | Provides an attribute data connector to a RESTful webservice. |
| Dynamic Metadata Provider | 2.2 | yang.xiang@rzg.mpg.de | Provides a dynamic metadata provider which is based on the newest HTTP metadata provider. |
| Web Service Data Connector | 2.x | nick.x.newman@gmail.com | Provides a connector that can be used to extract attributes from a web service. (And the web service, in turn, can obtain those attributes from almost anywhere.) |
| Multi Factor Login Handler | 2.?, 2.4.x | klas@yubico.com | This is a JAAS-based login handler for Multi Factor authentication (one, two or more factors). |
| MongoDB connector | 2.? | stefan@unitedid.org | Provides an attribute data and persistent ID connector for MongoDB. |
| OrientDB Connector | 2.x | jonathan.tellier@gmail.com | Provides an attribute data connector for OrientDB. |
| Memcached StorageService | 2.3+ | haim@hrz.uni-marburg.de | Provides an easy way to connect your Shibboleth IdP to a memcached server, in order to create a stateful cluster. It is intended to be a lightweight alternative to using the Terracotta software. |
| Ohio State Custom Login Handler | 2.2+ | dev@shibboleth.net (subscription required) | Ohio State extensions, primarily a custom login module for SSO with stateless clustering, and a workflow-like login handler with Velocity-based UI and post-login notification hooks. |
| German ID card Login Handler | 2.x | am@secure-dimensions.com | Provides support for authentication with the German ID card (nPA). |
| Kerberos Login Handler | 2.3 | aai@switch.ch | The Kerberos Login Handler uses the Kerberos protocol to implement an SSO (Single Sign-On) authentication mechanism. |
| User Agent Based Attributes | 2.3 | service@ukfederation.org.uk | An extension to the username/password login handler and a new data connector that allows for the creation of new attributes based on the IP address of the user agent at authentication time. |
| Facebook Login Servlet | 2.? | jaftowicz@man.poznan.pl | Facebook Login Servlet (FLS) provides three-way integration among the Identity Provider, Facebook and an SQL database. With its help, a user can perform quick authentication based on credentials retrieved from Facebook Graph and data received from the SQL database. The connection to an SQL database is completely optional: FLS can use Facebook as a data provider and forward User Fields from Facebook as attributes to the Service Provider. In this case FLS becomes a Facebook "Data Connector". |
| Duo Two-Factor Authentication Login Handler | 2.3 | http://www.duosecurity.com/product | The Duo Two-Factor Authentication Login Handler for Shibboleth adds Duo Security two-factor authentication to an existing JAAS user authentication for Shibboleth identity providers. It is based on the Shibboleth UsernamePassword login handler. |
| Infinispan Storage Service | 2.3+ | users@shibboleth.net (subscription required) | A replacement storage service for Shibboleth IdP v2 that uses Infinispan to provide cluster support. |
| SSO-CAS Login Handler | 2.x | fed-contact@listes.renater.fr | The SSO-CAS Login Handler allows the use of forced authentication while using an SSO-CAS server to authenticate the user. |
| Munin plugins | 2.x | sporth@oit.umass.edu | Munin plugins to graph IdP requests and logins per relying party. Requires the IdP Audit Log Analysis Tool to parse the log files. |
| Shibboleth-CAS Authenticator | 2.3+ | dkopylenko@unicon.net | A Shibboleth IdP external authentication plugin that delegates authentication to CAS. Supports the full range of native CAS protocol features such as renew and gateway. |
| Status Servlet with Terracotta support | 2.3+ | beall@usc.edu | A servlet for better status monitoring of an IdP node which is using Terracotta. |
| Changing IdP Signature Method Algorithm | 2.3+ | users@shibboleth.net | Instructions and template code for writing a Java Spring bean that can be used to change the IdP signature method algorithm from SHA1 to other algorithms. |
| Multi-Context Broker | 2.3+ | users@shibboleth.net | The Multi-Context Broker login handler implements the InCommon Assurance requirements. |
| Database Backed Storage Service | 2.3+ | users@shibboleth.net | The Database Backed Storage Service is a replacement storage service for Shibboleth that uses an RDBMS for session persistence. |
| Match functors for MDRPI elements | 2.4 | service@ukfederation.org.uk | Enables the identity provider to include a requesting entity's registrationAuthority attribute in attribute release policies. |
| NIIF SLO plugin | 2.4+ | haim@hrz.uni-marburg.de | Single Logout (SLO) implementation by the Hungarian NIIF institute, rewritten as a plugin for a default Shibboleth IdP 2.4. |

Service Provider Extensions

The following extensions are software components that may be installed into the Shibboleth 2 Service Provider.

| Extension | Supported SP Versions | Maintainer Contact Info. | Description |
|---|---|---|---|
| Attribute Query | 2.5 or later | GakuNin Federation/PEOFIAMP | Allows making SAML Attribute Queries via /Shibboleth.sso/AttributeQuery?entityID=...&nameId=... and getting back (user) attributes in a JSON data structure. Also includes a Python script attributequery.py to execute in a terminal. This extension is faster and more interoperable than using the resolvertest binary that is bundled with the SP. |