Shibboleth

Shibboleth is a web-based single sign-on infrastructure based on the Security Assertion Markup Language (SAML) standard. Developed as part of the Internet2 middleware initiative and now managed by the Shibboleth Consortium, it enables federated identity management across organizational boundaries. Core Components: • Identity Provider (IdP): Authenticates users and provides identity information to service providers • Service Provider (SP): Consumes identity assertions and grants access to protected resources • Discovery Service (DS): Helps users select their home institution for authentication • Metadata Aggregator: Processes and queries metadata for organizations with multiple identity providers Current Release: Shibboleth Identity Provider 5.1.4 (March 2025) • Active development with regular security updates and feature enhancements • Support for SAML 2.0 with advanced encryption and authentication options • Flexible configuration with hierarchical attribute management • Enhanced scalability and customization capabilities Key Features: • Cross-domain single sign-on without shared credentials • Privacy-preserving attribute release policies • Flexible authentication delegation and IdP proxying capabilities • Support for multiple authentication mechanisms • Extensive integration with web servers and applications • Standards-compliant SAML implementation Organizational Support: • Managed by the Shibboleth Consortium with over 50 members from 17 countries • Widely deployed in academic institutions, identity federations, and commercial organizations • Open source software licensed under Apache 2.0 • Community-driven development roadmap with professional support options Technical Architecture: • Java-based implementation with Spring Framework • Plugin architecture for extensibility • Web-based configuration and management interfaces • Support for multiple platforms including Windows, macOS, and Linux • Integration with LDAP, Active Directory, and various authentication systems Shibboleth is among the most widely deployed identity management software in the world, providing secure and seamless access to protected online resources while maintaining user privacy and organizational autonomy.