SAML Integration
Shibboleth Guides
Deploying federated services requires an understanding of Shibboleth and SAML: how the required components interact, how session cookies are used, and the terminology involved.
The following articles serve as an introduction to these topics:
- Describes the interaction between Identity Provider (IdP) and Service Provider (SP)
- Describes the Application Model
- Describes Application Integration
Starting point for installation on Linux, Windows and Mac
SP Configuration
Standard Flow
The diagram below illustrates the interaction between the user, the service provider (SP) and the identity provider (IdP).
Figure 1. Shibboleth Component Interactions
The interactions, taken from Shibboleth, are as follows:
- The SP detects the user attempting to access restricted content within the resource.
- The SP generates an authentication request, then sends that request, and the user, to the user’s IdP.
- The IdP authenticates the user, then sends the authentication response, and the user, back to the SP.
- The SP verifies the IdP’s response and sends the request through to the resource which returns the originally requested content.
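
An added example, not part of the original guide and not Shibboleth's own code: a Python sketch of the SP side of the second and fourth interactions, where the SP remembers the ID of each AuthnRequest it issues and accepts a response only if it answers an outstanding request and is addressed to this SP. The entity ID, ACS URL and sample response are constructed values; signature verification is assumed to have been done by an XML-signature library before `check_response` runs, and unsolicited responses are rejected here by choice.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
FMT = "%Y-%m-%dT%H:%M:%SZ"
SP_ENTITY_ID = "https://sp.example.org/shibboleth"            # assumed value
ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"  # assumed value

def new_authn_request(pending):
    """Interaction 2: build an AuthnRequest and record its ID as outstanding."""
    req_id = "_" + secrets.token_hex(16)
    pending.add(req_id)
    now = datetime.now(timezone.utc).strftime(FMT)
    return req_id, (
        f'<samlp:AuthnRequest xmlns:samlp="{P}" xmlns:saml="{A}" ID="{req_id}" '
        f'Version="2.0" IssueInstant="{now}" AssertionConsumerServiceURL="{ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')

def check_response(xml_text, pending, now=None):
    """Interaction 4, after signature verification: list of problems, empty if ok."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)   # assumed to be the already-verified signed content
    problems = []
    irt = root.get("InResponseTo")
    if irt not in pending:
        problems.append("InResponseTo does not match an outstanding request")
    else:
        pending.discard(irt)         # one response per request, so a replay fails
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not this SP's ACS URL")
    if SP_ENTITY_ID not in [a.text for a in root.iter(f"{{{A}}}Audience")]:
        problems.append("assertion audience is not this SP")
    cond = root.find(f".//{{{A}}}Conditions")
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if not expiry or now >= datetime.strptime(expiry, FMT).replace(tzinfo=timezone.utc):
        problems.append("assertion is expired or has no NotOnOrAfter")
    return problems

def sample_response(in_response_to, destination=ACS_URL, audience=SP_ENTITY_ID,
                    not_on_or_after="2099-01-01T00:00:00Z"):
    """Constructed, unsigned IdP response used only to exercise the checks."""
    return (
        f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" ID="_r1" Version="2.0" '
        f'InResponseTo="{in_response_to}" Destination="{destination}">'
        f'<saml:Assertion ID="_a1" Version="2.0"><saml:Conditions '
        f'NotOnOrAfter="{not_on_or_after}"><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
        f'</saml:Conditions></saml:Assertion></samlp:Response>')
```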