
    The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

    Contributions

    Jun 05, 2018

    Shibboleth 2 Contributions and Extensions

    Identity Provider Extensions

    The following extensions are software components that may be installed into the Shibboleth 2 Identity Provider.

    Extension

    Supported IdP Versions

    Maintainer Contact Info.

    Description

    uApprove

    2.3

    aai@switch.ch

    Extension that enables users to consent to the release of attributes.

    uApprove JP

    2.x

    GakuNin

    Forked version of uApprove (above), which allows users to select attributes to be released.

    GridShib for Shib2

    ?

    gridshib-users@globus.org

    Enables the IdP to issue Holder-of-Key SAML assertions.

    X.509 Login Handler

    2.3

    aai@switch.ch

    The x509-login-handler implements an authentication handler for the Shibboleth IdP and will set the authentication context class urn:oasis:names:tc:SAML:2.0:ac:classes:X509.

    IdP Audit Log Analysis Tool

    2.x, 3.x

    dev@shibboleth.net (subscription required)

    Provides IdP usage statistics by analyzing audit log files.

    shlook

    2.X

    bbellina@usc.edu

    IdP monitoring script for graphing Shibboleth usage

    ECP

    2.x

    users@shibboleth.net (subscription required)

    Provides ECP support. Note: ECP support was rolled into the main IdP distribution in version 2.3; do not attempt to use this plugin with that or future versions.

    RESTful webservice connector

    2.x


    Provides an attribute data connector to a RESTful webservice.

    Dynamic Metadata Provider

    2.2

    yang.xiang@rzg.mpg.de

    Provides a dynamic metadata provider which is based on the newest HTTP metadata provider.

    Web Service Data Connector

    2.x

    nick.x.newman@gmail.com

    Provides a connector that can be used to extract attributes from a web service. (And the web service, in turn, can obtain those attributes from almost anywhere.)

    Multi Factor Login Handler

    2.?, 2.4.x

    klas@yubico.com

    This is a JAAS-based login handler for Multi Factor authentication (one, two or more factors).

    MongoDB connector

    2.?

    stefan@unitedid.org

    Provides an attribute data and persistent ID connector for MongoDB.

    OrientDB Connector

    2.x

    jonathan.tellier@gmail.com

    Provides an attribute data connector for OrientDB.

    Memcached StorageService

    2.3+

    haim@hrz.uni-marburg.de

    Provides an easy way to connect your Shibboleth IdP to a memcached server, in order to create a stateful cluster. It is intended to be a lightweight alternative to using the Terracotta software.

    Ohio State Custom Login Handler

    2.2+

    dev@shibboleth.net (subscription required)

    Ohio State extensions, primarily a custom login module for SSO with stateless clustering, and workflow-like login handler with Velocity-based UI and post-login notification hooks.

    German ID card Login Handler

    2.x

    am@secure-dimensions.com

    Provides support for authentication with the German ID card (nPA).

    Kerberos Login Handler

    2.3

    aai@switch.ch

    The Kerberos Login Handler uses the Kerberos protocol to implement an SSO (Single Sign-On) authentication mechanism.

    User Agent Based Attributes

    2.3

    service@ukfederation.org.uk

    An extension to the username/password login handler and a new data connector that allows for the creation of new attributes based on the IP address of the user agent at authentication time.

    Facebook Login Servlet

    2.?

    jaftowicz@man.poznan.pl

    Facebook Login Servlet (FLS) provides three-way integration among the Identity Provider, Facebook and an SQL database. With its help, a user can perform quick authentication based on credentials retrieved from Facebook Graph and data received from the SQL database.
    Connection with an SQL database is completely optional: FLS can use Facebook as a data provider and forward User Fields from Facebook as attributes to the Service Provider. In this case FLS evolves into a Facebook "Data Connector".

    Duo Two-Factor Authentication Login Handler

    2.3

    http://www.duosecurity.com/product

    The Duo Two-Factor Authentication Login Handler for Shibboleth adds Duo Security two-factor authentication to an existing JAAS user authentication for Shibboleth identity providers. It is based on the Shibboleth UsernamePassword login handler.

    Infinispan Storage Service

    2.3+

    users@shibboleth.net (subscription required)

    A replacement storage service for Shibboleth IdP v2 that uses Infinispan to provide cluster support.

    SSO-CAS Login Handler

    2.x

    fed-contact@listes.renater.fr

    The SSO-CAS Login Handler allows the use of forced authentication while using a SSO-CAS server to authenticate the user.

    Munin plugins

    2.x

    sporth@oit.umass.edu

    Munin plugins to graph IdP requests and logins per relying party. Requires the IdP Audit Log Analysis Tool to parse the log files.

    Shibboleth-CAS Authenticator

    2.3+

    dkopylenko@unicon.net

    A Shibboleth IdP external authentication plugin that delegates the authentication to the CAS. Supports the ability to utilize a full range of native CAS protocol features such as renew and gateway.

    Status Servlet with Terracotta support

    2.3+

    beall@usc.edu

    A servlet for better status monitoring of an IdP node which is using Terracotta.

    Changing IdP Signature Method Algorithm

    2.3+

    users@shibboleth.net

    Instructions and template code for writing a Java Spring bean that can be used to change the IdP signature method algorithm from SHA1 to other algorithms.

    Multi-Context Broker

    2.3+

    users@shibboleth.net

    The Multi-Context Broker login handler implements the InCommon Assurance requirements.

    Database Backed Storage Service

    2.3+

    users@shibboleth.net

    The Database Backed Storage Service is a replacement storage service for Shibboleth that uses an RDBMS for session persistence.

    Match functors for MDRPI elements

    2.4

    service@ukfederation.org.uk

    Enables the identity provider to include a requesting entity's registrationAuthority attribute in attribute release policies.

    NIIF SLO plugin

    2.4+

    haim@hrz.uni-marburg.de

    Single Logout (SLO) implementation by the Hungarian NIIF institute, but rewritten as a plugin for a default Shibboleth IdP 2.4.

    Service Provider Extensions

    The following extensions are software components that may be installed into the Shibboleth 2 Service Provider.

    Extension

    Supported SP Versions

    Maintainer Contact Info.

    Description

    Attribute Query

    2.5 or later

    GakuNin Federation/PEOFIAMP

    Allows making SAML Attribute Queries via /Shibboleth.sso/AttributeQuery?entityID=...&nameId=... and getting back (user) attributes in a JSON data structure. Also includes a Python script attributequery.py to execute in a terminal. This extension is faster and more interoperable than using the resolvertest binary that is bundled with the SP.

    Discovery Service Extensions

    The following extensions are software components that may be installed into the Shibboleth 2 Discovery Service.

    Extension

    Supported DS Versions

    Maintainer Contact Info.

    Description

    Documentation

    Name

    Maintainer Contact Info.

    Description

    SP on openSUSE

    jpr@uab.edu

    Notes on building, configuring, and testing the Shibboleth 2.0 SP on openSUSE 10.3

    IDP on SuSE SLES10

    shibboleth@lrz.de

    Setting up the IDP 2.0 on SuSE Linux Enterprise Server (SLES10) (German)

    SP on Xserve

    luca.testoni@unimore.it

    Notes on installing and configuring Shibboleth 2.0 SP on Mac OSX 10.5 (Leopard) XServe (Italian language)

    Japanese Tutorial

    repeatedly@gmail.com

    Shibboleth 2 Introduction, Installation, and Configuration

    Hosting SP in Azure

    kool@uw.edu

    Hosting the IIS Shibboleth SP in Azure

    Integrating Nginx and a Shibboleth SP with FastCGI

    David Beitey

    How to utilise Nginx as a front-end web server and integrate it with Shibboleth.

    Shibbolize a CAS server

    kefo1760@colorado.edu

    Front a CAS server with a Shib-SP and recycle the attributes. (A different CAS integration.)

    Shibboleth IdP Probe

    trscavo@internet2.edu

    A bash script that probes a sequence of Shibboleth IdPs to determine which are based on the Shibboleth IdP V2 software.

    Other, Related, Contributions

    Other software components or documentation related to the use of Shibboleth 2.

    Name

    Maintainer Contact Info.

    Description

    XmlSecTool

    users@shibboleth.net (subscription required)

    Java-based tool for downloading, checking well-formedness, schema validity, and signature of XML documents. Also provides ability to sign XML documents.

    Shule Aroon

    repeatedly@gmail.com

    A discovery service, written in Ruby.

    JBoss-SAML

    nick.x.newman@gmail.com

    An all-Java SP. A Git patch to configure JBoss such that any standard deployed applications become SAML enabled. From a clean JBoss download do "git apply path-to-patch" to apply the changes. A README is supplied. I based the patch on JBoss-6.0.0.M2, but hopefully it will work with other versions too. If you really can't work with the patch I may be able to provide the complete SP, but the patch is really better since it is not tied so tightly to a single JBoss version and it lets you see what has been done.

    simple bash ECP client 

    Scott Koranda

    A simple demonstration ECP client written in bash. It requires bash 4 and the curl and xsltproc command line tools. It has been tested on Debian Jessie against a Shib 2.4.4 and 3.2.1 IdP and Shib 2.5.6 Native SP.

    simple Python ECP client

    Scott Koranda

    A simple demonstration ECP client written in Python. It requires Python 2.6+ and the Python lxml toolkit. It has been tested on Debian Wheezy against a Shib 2.4.4 and 3.1.1 IdP and Shib 2.5.4 Native SP.

    PKI enabled Python 3.4 ECP client

    Rob Eastman

    A PKI enabled Python 3.4 ECP client that can take in as arguments a single URL or a "\n" separated file of URLs. Especially helpful for enabling web crawlers to crawl a SAML 2.0 ECP enabled site that requires a PKI certificate at the IdP. Tested with Shibboleth SP 2.5.3 and IdP 2.4.3.

    IdP Load Tester

    Steve Thorpe

    stressTest.sh and its companion program check_sp-test.my.org_shib_login.pl are meant to help "stress test" a Shibboleth IdP (and SP). I used it to run about 150-200 successful logins per minute, using an IdP running on a VM on older HW, with only 512MB RAM. The code exercises SP -> WAYF -> IdP -> SP end-to-end tests and produces ASCII output. YOU WILL NEED TO READ AND UNDERSTAND THE CODE BEFORE USING THIS, as modifications will be required. Though it's only 200-300 lines of code, so hopefully it won't be too difficult to figure that out. To unroll the gzipped tarball, do the following from a Linux command line: gunzip idpLoadTester.tar.gz; tar -xvf idpLoadTester.tar

    Devise Shibboleth Authenticatable RubyGem

    Joe George

    Devise Shibboleth Authenticatable is a Shibboleth based authentication strategy for the Devise authentication framework, http://github.com/plataformatec/devise.

    ECP implementation in PHP

    Ivan Novakov

    Flexible and easily extensible PHP library for creating ECP enabled applications.

    Chef Cookbooks for Shibboleth

    Elliot Kendall

    Chef Cookbooks to install and configure the Shibboleth IdP, the Shibboleth SP, and Terracotta as a Shibboleth IdP clustering solution.

    JAGGER Resource Registry

    Janusz Ulanowski

    Web-based GUI for managing multiple federations (or webs of trust) and a Shibboleth IdP's metadata providers and attribute policy.

    Salt formula for Shibboleth

    Matthew X. Economou

    SaltStack formula that installs and configures the Shibboleth IdP, the Shibboleth SP, and the Shibboleth DS; currently tested against CentOS 7 and FreeBSD 10, and intended for use with CentOS/Debian/FreeBSD/RHEL/SUSE/Ubuntu/Windows.

    File

    Modified

    idpLoadTester.tar.gz

    Oct 25, 2011 by Steve Thorpe

    schema.tgz (Hacked XSD schema files for validation of SAML metadata)

    Jun 08, 2013 by peter

    ecp_pki_ref_client.py

    Apr 27, 2015 by Former user

    ecp.py (Tested against IdP 3.2.1)

    Apr 27, 2016 by skoranda@uwm.edu

    ecp.sh (Tested against IdP 3.2.1)

    Apr 27, 2016 by skoranda@uwm.edu