
Shibboleth: Federated Single Sign-On Authentication Service

More and more, institutions and organizations offer services and collaborate online. Typically, users access online resources both inside and outside their organizations to do their work. In the past, each of these services required its own ID and password and, for the user, that meant adding another set of credentials to that collection of sticky notes. Closing the security holes and keeping up with the access changes for the services on and off premises is quite a challenge. Shibboleth offers a way for users to access multiple services with a federated single sign-on framework, across or within institutional and organizational boundaries.

What is Shibboleth?

Shibboleth Federated Single Sign-On Authentication Service is a standards-based, open source software package for web single sign-on across or within organizational boundaries. Shibboleth, a project of the Shibboleth Consortium, allows institutions to leverage attributes for authorization decisions for individual access of protected online resources. The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.

Hosted Shibboleth Identity Provider (IdP)

Whatever the goal of the Shibboleth deployment, whether a client decides to host on-premise or in the AWS cloud, Unicon provides the expertise required to give the confidence that comes with a professional implementation.

Unicon is an Internet2 Trust and Identity Solution Provider, and an InCommon Participant. InCommon is a formal federation of organizations focused on creating a common framework for collaborative trust in support of research and education. Internet2 Trust and Identity Solution Providers offer expertise in software, support, integration, and other identity services for higher education.

Unicon’s services for Shibboleth are described below.

Associated Services for Shibboleth

Consulting for Shibboleth

Several open source technologies come together to create a secure IT infrastructure. Web single sign-on technology is needed to protect sensitive information. Shibboleth, federated Web single sign-on, is needed to help institutions share resources and collaborate in a privacy preserving manner, across or within organizational boundaries.

Unicon offers consulting services for adopting the Shibboleth federated single sign-on authentication service. Unicon's Services Team supplies the expert guidance, execution, and development necessary to meet the specific needs of the institution or organization, maximizing the results in adopting Shibboleth.


Whether an institution or organization is in the process of implementing, updating, or maintaining Shibboleth, assessing and evaluating options can impact the success of the application. Unicon understands the importance of documenting goals, needs, and wants, and offers an evaluation service to institutions and organizations.

The evaluation service is a first step for providing a snapshot of where the institution or organization is or to help clarify a need for Shibboleth. An evaluation session can determine and prioritize the conditions and needs required for a new implementation, update, or customization to an existing Shibboleth instance. Unicon’s evaluation service includes reporting along with analysis to help institutions and organizations decide their business needs. Unicon also provides best practices for evaluation based on functionality, finances, support/maintenance, performance, usability, and security.


Mentorship assists in knowledge transfer to grow the client’s expertise in Shibboleth-integrating applications and in developing for and maintaining a Shibboleth server. General Shibboleth mentorship affords institutions and organizations access to a Unicon developer/consultant experienced in working with Shibboleth. Consultants are made available to assist and mentor staff.

Types of mentoring activities include: answering questions, helping staff execute on Shibboleth development, providing guidance on Shibboleth configuration tasks, and performing research and producing documentation as requested, up to the agreed number of hours. Mentorship assists in knowledge transfer to grow an institution’s or organization’s staff expertise in the development of Shibboleth and for maintaining the Shibboleth instance.

Customization for Shibboleth

Unicon offers custom development services to integrate Shibboleth into the enterprise IT framework. Unicon implements, customizes, and configures Shibboleth to interact with any SAML-compliant application (service/relying provider), whether those be enterprise applications or cloud-based services/applications. Unicon can create new authentication handlers, intercepts, storage handlers, and additional customization as needed. Unicon modifies and extends the user interface as needed.

Whatever the goal of a Shibboleth deployment, Unicon provides the expertise required to give clients the confidence that comes with a professional implementation.

Integration for Shibboleth

Shibboleth is a valuable part of an institution’s or organization’s identity and access management strategy. An enterprise web single sign-on solution is only valuable when applications make use of it, so Unicon offers systems integration services to assist with conversion of applications to use Shibboleth for authentication. Integrating Shibboleth into an institution’s or organization’s IAM infrastructure addresses numerous challenges including scaling the account management of multiple applications, along with security issues associated with accessing third-party services. This enables users to collaborate in a secure environment. Unicon's team of experts has handled hundreds of integrations, applying not only technological expertise but project management and program management skill sets.

Solution Delivery for Shibboleth

It takes skill and expertise to install Shibboleth in a well-defined, usable manner. Unicon has extensive experience deploying Shibboleth. Unicon has developed best practices to help facilitate a successful, stable implementation for clients. Unicon’s expert Project Managers guide clients through each phase of implementation, from brainstorming and planning to maintenance and support. While each of these services may be purchased separately, investing in the full package is ideal to avoid common pitfalls and ensure a seamless execution.

A successful deployment depends on taking advantage of the complete set of services listed below.

Support for Shibboleth

Protect the investment in Shibboleth and gain all of the advantages of this open source software designed specifically for institutions and organizations plus top-quality, professional support from a commercial vendor. Unicon’s Open Source Support program is SLA-driven and backed by an accountable team of open source experts. Take advantage of a flexible, customizable open source support service with direct access to dedicated developers, consultants, and system administrators each possessing deep experience within the select open source projects. Get the backing of technical expertise and professional service all at an affordable price.

Hosting for Shibboleth

Unicon has developed a hosted Shibboleth identity provider (IDP) environment using the latest version of Shibboleth with a robust feature set. The Unicon identity and access management (IAM) team has architected a redundant, load-balanced, cloud-based infrastructure for federated single sign-on in the cloud using a defined, streamlined implementation process.

Services for a Hosted Shibboleth 3.x IDP

The hosted Shibboleth IDP in the cloud solution provides a standard and repeatable process for Shibboleth managed services in a cloud environment, with a straightforward, all-inclusive pricing model.

Base Unicon services include:

  • Requirement Identification
  • Set-up and Configuration
  • Performance Testing
  • Technical Support
  • Upgrades

Additional services:

  • Customization
  • Increased Technical Support Option

Other Services for Shibboleth

Performance Testing

Enlist Unicon to optimize the performance of applications through ongoing (iterative) application performance testing. Unicon’s proven methodology ensures applications will perform as expected to meet business needs.


As the open source community continues to make enhancements and adjustments to Shibboleth, new versions are released. These upgrades can be difficult for institutions or organizations to complete without a strong commercial vendor. Unicon’s services offer an ease of migration to the newest release of Shibboleth.

Prior to upgrade, Unicon recommends a thorough review of the client's environment, to determine the scope of the upgrade based on the extent of customization. Services can include integration of existing configuration and/or customizations in one or more client environments.

User Experience

Unicon offers a user experience service to help institutions and organizations deliver a polished, visually appealing authentication application that follows the key principles of user experience design: useful, usable, desirable, findable, accessible, credible, and valuable.

History of Shibboleth

The Shibboleth project was started in 2000 under the MACE working group to address problems in sharing resources between organizations with often wildly different authentication and authorization infrastructures. Architectural work was performed for over a year prior to any development. After an alpha, two betas, and two point releases were distributed to testing communities, Shibboleth 1.0 was released on July 1, 2003. Shibboleth 1.3 was released on August 26, 2005, with several point releases since then. Shibboleth 2.0 was released on March 19, 2008. In December 2014, the first release of a significantly refactored Shibboleth Identity Provider (IdP) 3.0 was made, with the latest (as of this writing) release being 3.3.1 in March 2017. The latest release of the Shibboleth Service Provider (SP) is version 2.6 as of June 2016.
