Shibboleth: Federated Single Sign-On Authentication Service

More and more, institutions and organizations offer services and collaborate online. Typically, users access both online resources inside and outside their organizations to do their work. In the past, each of these services required its own ID and password and, for the user, that meant adding another set of credentials to that collection of sticky notes. Closing the security holes and keeping up with the access changes for the services on and off premises is quite a challenge. Shibboleth offers a way for users to access multiple services with a federated single sign-on framework, across or within institutional and organizational boundaries.

What is Shibboleth?
Shibboleth Federated Single Sign-On Authentication Service is a standards based, open source software package for web single sign-on across or within organizational boundaries. Shibboleth, a project of the Shibboleth Consortium, allows institutions to make authorization decisions for individual access of protected online resources. The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.

Whatever the goal of the Shibboleth deployment, Unicon provides the expertise required to give the confidence that comes with a professional implementation. Please read about Unicon’s services for Shibboleth, in the tabs below.

Unicon is an InCommon Affiliate and Participant. InCommon is a formal federation of organizations focused on creating a common framework for collaborative trust in support of research and education. InCommon Affiliates provide consulting, content, hosting, support, and training for the InCommon community.

 

Associated Services for Shibboleth

Consulting for Shibboleth

Several open source technologies come together to create a secure IT infrastructure. Web single sign-on technology is needed to protect sensitive information. Shibboleth, federated Web single sign-on, is needed to help institutions share resources and collaborate in a privacy preserving manner, across or within organizational boundaries.

Unicon offers consulting services for adopting the Shibboleth federated single sign-on authentication service. Unicon's Services Team supplies the expert guidance, execution, and development necessary to meet the specific needs of the institution or organization, maximizing the results in adopting Shibboleth.

Evaluation
Whether an institution or organization is in the process of implementing, updating, or maintaining Shibboleth, assessing and evaluating options can impact the success of the application. Unicon understands the importance of documenting goals, needs, and wants, and offers an evaluation service to institutions and organizations.

The evaluation service is a first-step for providing a snap-shot of where the institution or organization is or to help clarify a need for Shibboleth. An evaluation session can determine and prioritize the conditions and needs required for a new implementation, update, or customization to an existing Shibboleth instance. Unicon’s evaluation service includes surveys, reporting, and analysis, all helping institutions and organizations decide their business needs. Unicon also provides best practices for evaluation based on functionality, finances, support/maintenance, performance, usability, and security.

Mentoring
Mentorship assists in knowledge transfer to grow client’s expertise in Shibboleth-integrating applications and in developing for and maintaining a Shibboleth server. General Shibboleth mentorship affords institutions and organizations access to a Unicon developer/ consultant experienced in working with Shibboleth. Consultants are made available to assist and mentor staff.

Types of mentoring activities include: answering questions, helping staff execute on Shibboleth development, providing guidance on Shibboleth configuration tasks, performing research and producing documentation as requested up to the agreed amount of hours. Mentorship assists in knowledge transfer to grow an institution’s or organization’s staff expertise in the development of Shibboleth and for maintaining the Shibboleth instance.

Customization for Shibboleth

Unicon offers custom development services to integrate Shibboleth into the enterprise IT framework. Unicon can implement and customize Shibboleth for uPortal, Sakai, and other enterprise applications. Unicon offers software engineering expertise, to customize Shibboleth to meet the needs of the client. Let Unicon install the Shibboleth software onto hardware and configure it to validate credentials against the institution’s or organization’s authoritative credential platforms. Whatever the goal of a Shibboleth deployment, Unicon can provide the expertise required to give clients the confidence that comes with a professional implementation.

Integration for Shibboleth

Shibboleth is a secure federated single sign-on authentication system for enterprise applications and platforms and provides a trusted way for an application to authenticate a user, across or within organizational boundaries. Shibboleth is a valuable part of an institution’s or organization’s identity and access management strategy. An enterprise Web single sign-on solution is only valuable when applications make use of it, so Unicon offers systems integration services to assist with conversion of applications to use Shibboleth for authentication.

Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between institutions or organizations. These connections help users collaborate in a safe environment. Integrating Shibboleth into an institution’s or organization’s IAM infrastructure addresses numerous challenges including scaling the account management of multiple applications, and security issues associated with accessing third-party services.

Solution Delivery for Shibboleth

It takes skill and expertise to install Shibboleth in a well-defined, usable manner. Unicon has extensive experience deploying Shibboleth. Unicon has developed best practices to help facilitate a successful, stable implementation for clients. Unicon’s expert Project Managers guide clients through each phase of implementation, from brainstorming and planning to maintenance and support. While each of these services may be purchased separately, investing in the full package is ideal to avoid common pitfalls and ensure a seamless execution.

A successful deployment depends on taking advantage of the complete set of services listed below.

Support for Shibboleth

Protect the investment in Shibboleth and gain all of the advantages of this open source software designed specifically for institutions and organizations plus top-quality, professional support from a commercial vendor. Unicon’s Open Source Support program is SLA-driven and backed by an accountable team of open source experts. Take advantage of a flexible, customizable open source support service with direct access to dedicated developers, consultants, and system administrators each possessing deep experience within the select open source projects. Get the backing of technical expertise and professional service all at an affordable price.

Other Sevices for Shibboleth

Hosting
Unicon can host an institution’s or organization’s instance of Shibboleth. Unicon’s hosting service is designed to maximize productivity, performance, and security, with a state-of-the-art data center and a team of experienced service delivery veterans.

Performance Testing
Enlist Unicon to optimize the performance of applications through on-going (iterative) application performance testing. Unicon’s proven methodology ensures applications will perform as expected to meet business needs.

Upgrades
As the open source community continues to make enhancements and adjustments to Shibboleth, new versions are released. These upgrades can be difficult for institutions or organizations to complete without a strong commercial vendor. Unicon’s services offer an ease of migration to the newest release of Shibboleth.

Prior to upgrade, Unicon recommends a thorough review of the client's environment, to determine the scope of the upgrade based on the extent of customization. Services can include integration of existing configuration and/or customizations in one or more client environments.

User Experience
Unicon offers a user experience service to help institutions and organizations deliver a polished, visually appealing authentication application that follows the key principles of user experience design: useful, useable, desirable, findable, accessible, credible, and valuable.

History of Shibboleth

The Shibboleth project was started in 2000 under the MACE working group to address problems in sharing resources between organizations with often wildly different authentication and authorization infrastructures. Architectural work was performed for over a year prior to any development. After an alpha, two betas, and two point releases were distributed to testing communities, Shibboleth 1.0 was released on July 1, 2003. Shibboleth 1.3 was released on August 26, 2005, with several point releases since then. Shibboleth 2.0 was released on March 19, 2008.

Shibboleth Documentation and Video on Demand