Edit WYSIWYGattachfile Attach PDF Raw View►More Actions▼More Actions


Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in ShibAuth web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in ShibAuth web only

Revision Date Username Comment
5507 Nov 2013 - 10:20ChristopherBongaartsadd link to github API group 
5419 Nov 2012 - 11:15ChristopherBongaartsrevert spam 
5318 Nov 2012 - 04:01gx075107? 
5208 Oct 2012 - 09:34ChristopherBongaartsminor updates 
5105 Jul 2012 - 13:46gx063874?added and removed some spaces as an anonymous guest - Jenny B. 
5005 Jul 2012 - 10:23ChristopherBongaartsrevert spam 
4905 Jul 2012 - 01:18gf060097? 
4828 Mar 2012 - 12:43ChristopherBongaartsupdate headings, remove treeview 
4728 Mar 2012 - 10:19ChristopherBongaarts 
4627 Mar 2012 - 11:04CraigGjerdingen 
earlier first

Render style:     Context:


 History: r55 < r54 < r53 < r52 < r51
You are here: UMWiki>ShibAuth Web>WebHome (07 Nov 2013, ChristopherBongaarts)

Shibboleth at the University of Minnesota

What is Shibboleth?

Shibboleth is a software product that implements the Security Assertion Markup Language (SAML) authentication protocol.

Shibboleth is the new standard web signon system at the University of Minnesota, replacing the old Central Authentication Hub (a.k.a. "cookieauth"), which will be retired soon.

In SAML, an Identity Provider (IdP) generates assertions about an authentication event or a user. These assertions are sent to a Service Provider (SP), which validates the assertions and uses the data in them. For example, an SP could use name data to personalize their site, or job code data to enforce access controls.

The University of Minnesota Office of Information Technology (OIT) runs a Shibboleth IdP, which SPs can use for authentication and obtaining X.500 directory data about an authenticated user.

Installation and Configuration of Service Providers

Most deployments at the University should be able to follow similar instructions for setup.

Application Integrations and Alternative Implementations

There are many implementations of the SAML protocol available. Some applications and platforms natively implement SAML support, or directly support integration with the Shibboleth SP. For most other uses we recommend the Shibboleth SP implementation, as it is the most widely used in higher education and interoperates best with our Shibboleth IdP. There is also a UMN Github Shib Community group with a community-designed API for integrating apps with the Shib SP, as well as implementations in several languanges/platforms.

Converting from Cookie Auth Hub to Shibboleth

Converting applications Cookie Auth Hub (CAH) to Shibboleth is usually straightforward.

Cloud/Hosted Services

Third-party hosted or “cloud” applications are an ideal fit for SAML authentication; indeed, off-campus library resources were one of the original use cases behind the Shibboleth project.

Frequently Asked Questions and Glossary

See ShibFAQ for frequently asked questions about Shibboleth, including common error messages. We also have a ShibGlossary that explains some of the terms used in the Shibboleth/SAML world.

Federation

The U is a member of the InCommon Federation, which provides a trust framework and metadata distribution among its members. This simplifies the process of setting them up to use our IdP.

Presentations

Contact

The Shibboleth service is operated by the Identity Management service team. For more information about Shibboleth or our other services, send email to idm@umn.edu.

Special note about idm contact

When you are contacted by someone at IDM after a metadata submission, asking you to, "Please add your contact information as described on the wiki page."

Find information about adding contact info to your metadata file, after you download/retrieve it from your new SPD, here: Adding contact info to Metadata

Additionally, fill out the Errors node, supportContact attibute in the shibboleth2.xml file.

<Errors supportContact="csomexp@umn.edu"
            logoLocation="/shibboleth-sp/logo.jpg"
            styleSheet="/shibboleth-sp/main.css"/>

Shibboleth Workshop Notes

Topic attachments
I Attachment Action Size Date Who Comment
pptppt Shib-codepeople-201106.ppt manage 367.5 K 06 Jun 2011 - 09:20 ChristopherBongaarts Presentation about Shibboleth at the U from June 2, 2011 code-people meeting
pptppt Shib-netpeople-201103.ppt manage 365.5 K 10 Mar 2011 - 14:03 ChristopherBongaarts Presentation about Shibboleth at the U from March 10, 2011 net-people meeting
Topic revision: r55 - 07 Nov 2013 - 10:20:36 - ChristopherBongaarts
 
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback