The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

UnderstandingShibboleth

Owned by Scott Cantor
Last updated: May 09, 2012 by ChadCVersion comment
1 min read

Understanding Shibboleth

  • Shibboleth Introduction: A basic introduction to Shibboleth.
  • DeploymentBackground: Introductory information for performing a deployment of Shibboleth.
  • ShibbolethWalkthrough: Take a detailed technical tour through the Shibboleth software.
  • MetaData: Overview of how SAML 2.0 metadata is used in the Shibboleth software.
  • KeysAndCertificates: A detailed discussion of the variety of keys and certificates found in a typical deployment.
  • TrustManagement: Discussion of how keys and certificates are evaluated by Shibboleth software.
  • AttributeNaming: Suggestions on the proper way to name attributes for SAML expression.

Understanding IdP Features and Issues

add content

Understanding SP Features and Issues

  • RedirectGeneration: Shibboleth and its web environment must be properly configured for redirects to work
  • ServiceProviderHandler: URL-invoked functions implemented by the SP software
  • SessionInitiator: Handler function that handles the creation of an AuthnRequest, may be triggered automatically when accessing protected content or by an application at runtime
  • AttributeAcceptancePolicy: Defines attributes and rules for processing them by an SP
  • AddressChecking: Policies applied by the SP to enforce a consistent client network address across requests, making session theft harder by requiring source address spoofing
  • RelayState: Mechanism for SP to remember information about the resource request during an AuthnRequest
  • SpoofingBug: Details regarding potential vulnerabilities arising from header spoofing.