What is Shibboleth and SAML?

• Shibboleth is an implementation of the SAML protocols and profiles for web single sign-on.
• SAML's strengths lie in secure, cross-domain (federated) authentication and authorization, maintaining privacy when necessary.
  • https://www.shibboleth.net/
  • https://wiki.shibboleth.net/confluence/display/CONCEPT/Home
• Federations allow allow scaling to potentially millions of users.
  • UC Davis is a member of the InCommon (Internet2) and global eduGAIN Federations.
    • https://www.incommon.org/federation/incommon-federation-participants/
    • http://www.geant.org/Services/Trust_identity_and_security/eduGAIN 
  • We also participate in UCTrust, a subset of InCommon member institutions comprised of UC campuses, UC Office of the President, and affiliated research labs.

Why use Shibboleth/SAML?

• If you might (eventually) wish to share your application to non-UC Davis clients, e.g. another UC campus.
• When attributes such as name, email address etc. need to be made available to your application when a client logs in, e.g. for personalization.
• When attribute values might be required to make access/authorization decisions, e.g. client affiliation.

Shibboleth-enabled applications, use cases, demonstrations, authentication workflow and necessary technical skills

• https://wiki.shibboleth.net/confluence/display/SHIB2/ShibEnabled
• https://wiki.shibboleth.net/confluence/display/SHIB2/DemonstrationSites
• https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig
• https://wiki.shibboleth.net/confluence/display/CONCEPT/NativeSPSkills

Steps to get started

• Shibboleth SP Configuration Guide for installing an SP yourself  
• SAML SSO Vendor Integration

Supported platforms for the SP

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPProtectContent

• Apache httpd
  • Supports Tomcat, Jetty etc. through an AJP1.3 connector e.g. mod_proxy_ajp
• Microsoft IIS
• FastCGI
• Sun/iPlanet
  • Note: Sun/iPlanet is not supported by campus.

Contact

shibadmin@ucdavis.edu