Shibboleth: Federated Single Sign-On Authentication Service
More and more, universities, companies, and government agencies offer services and collaborate online. Typically, users access both online resources inside and outside their organizations to do their work. In the past, each of these services required its own ID and password and, for the user, that meant adding another set of credentials to that collection of sticky notes. For the institution, closing the security holes and keeping up with the access changes for the services on and off campus was quite a challenge. Shibboleth offers a way for users to access multiple services with a federated single sign-on framework. Unicon is offering Shibboleth services which help you integrate Shibboleth with multiple applications including uPortal and Sakai.
Unicon is an InCommon Affiliate and Participant. InCommon is a formal federation of organizations focused on creating a common framework for collaborative trust in support of research and education. InCommon Affiliates provide consulting, content, hosting, support, and training for the InCommon community.
Click here for Shibboleth Services from Unicon.
To learn more about Shibboleth, view the following webinars by clicking the links below.
What is Shibboleth?
Shibboleth Federated Single Sign-On Authentication Service is a standards based, open source software package for web single sign-on across or within organizational boundaries. Shibboleth, a project of the Internet2 Middleware Initiative, allocates institutions to make authorization decisions for individual access of protected online resources. The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the attributes released to each application. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.
What is Federated Single-Sign On?
Federated single sign-on is a user's authentication across multiple IT systems or organizations after the user enters his or her name and password only once. This allows users to travel across many different physical networks by reducing the number of passwords they have to remember to only one.
Why Adopt Shibboleth?
What makes Shibboleth’s single sign-on unique is that it is federated, therefore eliminating the need for students and faculty to maintain multiple passwords and usernames across multiple systems. Some of the advantages to adopting Shibboleth are:
- Reduction of cost by eliminating the need to scale one-off or proprietary solutions.
- Increased security and lower risk by enabling an organization to identify and authenticate a user once, and then use that identity information across multiple systems, including external partner websites.
- Improved privacy compliance by allowing the user to control what information is shared, or by limiting the amount of information shared.
- Improved end-user experience by eliminating the need for new account registration or the need to redundantly login through cross-domain single sign-on.
History of Shibboleth
The Shibboleth project was started in 2000 under the MACE working group to address problems in sharing resources between organizations with often wildly different authentication and authorization infrastructures. Architectural work was performed for over a year prior to any development. After an alpha, two betas, and two point releases were distributed to testing communities, Shibboleth 1.0 was released on July 1, 2003. Shibboleth 1.3 was released on August 26, 2005, with several point releases since then. Shibboleth 2.0 was released on March 19, 2008.
Unicon Services for Shibboleth
To adopt this single sign-on, federated authentication service, Unicon can help.
- Implementation Planning
- Branding and User Experience
- Installation and Configuration
- Custom Development
- Shibbolize uPortal, Sakai, and other applications