Shibboleth is the world’s leading open source federated identity solution, with flexibility and features that surpass commercial offerings. However, the inherent power of the software and its narrow distinction between configuration and code make it difficult for a novice to understand how best to meet their needs, or for the inheritor of an older implementation to puzzle it out.
Signet has decades of expertise building Shibboleth environments at scale and meeting uptime requirements, including identity providers, service providers, and their associated applications. We’ve also successfully integrated with virtually all SAML implementations, whether commercial, open-source, or custom providers. Some of these integrations prove more challenging than others because of competing interpretations of the specification, but rarely are they insurmountable given Shibboleth’s flexibility.
Shibboleth is widely used open source software developed by the editors of the SAML specifications. Identity data is both an asset and a liability, which amplifies the importance of handling it correctly. Software like Shibboleth not only connects your users to your applications, it also reduces the chance of a data leak, regulatory violation, or similar trouble. You should generally avoid implementing security software yourself: modest mistakes leave big risks.
Shibboleth Integration and Deployment
The Shibboleth IdP is incredibly flexible and extensible, while the SP interacts with applications without a traditional API, instead relying on environment variables (rather than HTTP headers, which a client could attempt to forge) and a set of handler URLs. This approach can be unintuitive, but it is also the least invasive and most powerful method for integrating identity with applications, and it avoids lock-in to the greatest extent possible.
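As an added illustration of the integration model described above (example code written for this page, not Signet's or the Shibboleth project's), here is a small Python WSGI application that consumes the variables mod_shib exports and builds the SP handler URLs. It assumes the stock attribute-map.xml ids (eppn, affiliation), the default /Shibboleth.sso handler location, and a deployment that passes attributes as environment variables rather than headers; the environ at the bottom is constructed for the example, not captured from a server.

```python
"""Consume Shibboleth SP attributes from a WSGI application.

Added example, not Signet's or the Shibboleth project's code. Assumes the
stock attribute-map.xml ids (eppn, affiliation), the SP's default handler
location /Shibboleth.sso, and environment-variable attribute passing.
"""
import re
from urllib.parse import urlencode

HANDLER_URL = "/Shibboleth.sso"  # default handlerURL in shibboleth2.xml


def shib_attr(environ, name):
    """Return the values the SP exported under attribute id `name`.

    mod_shib publishes each attribute as a CGI-style environment variable;
    multiple values share one variable, separated by ';' with literal
    semicolons escaped as '\\;'. Reading the bare variable, never HTTP_<NAME>,
    means a client-supplied header of the same name is ignored.
    """
    raw = environ.get(name)
    if not raw:
        return []
    return [p.replace("\\;", ";") for p in re.split(r"(?<!\\);", raw)]


def current_principal(environ):
    """REMOTE_USER as filled by the SP, or None when no SP session exists.

    The SP sets Shib-Session-ID on every request it has authenticated; without
    it, REMOTE_USER cannot have come from the SP and is not trusted.
    """
    if not environ.get("Shib-Session-ID"):
        return None
    return environ.get("REMOTE_USER") or None


def has_affiliation(environ, wanted):
    """True if a scoped affiliation such as 'staff@example.edu' matches `wanted`."""
    return any(v.split("@", 1)[0] == wanted
               for v in shib_attr(environ, "affiliation"))


def login_url(environ, target_path):
    """Session-initiator URL that returns the user to `target_path` on this host.

    The target is rebuilt from the request's own scheme and host, so the
    application never forwards a caller-controlled absolute URL to the SP.
    """
    if not target_path.startswith("/") or target_path.startswith("//"):
        raise ValueError(f"target must be an absolute path on this host: {target_path!r}")
    target = f"{environ['wsgi.url_scheme']}://{environ['HTTP_HOST']}{target_path}"
    return f"{HANDLER_URL}/Login?{urlencode({'target': target})}"


def application(environ, start_response):
    """Minimal WSGI app: require an SP session and the 'staff' affiliation."""
    principal = current_principal(environ)
    if principal is None:
        start_response("302 Found",
                       [("Location", login_url(environ, environ.get("PATH_INFO", "/")))])
        return [b""]
    if not has_affiliation(environ, "staff"):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"staff affiliation required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {principal}\n".encode()]


def run(environ):
    """Invoke the app and return (status, headers, body) for inspection."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(application(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


# Constructed sample of what mod_shib places in the environment after login.
SAMPLE_ENVIRON = {
    "wsgi.url_scheme": "https",
    "HTTP_HOST": "app.example.edu",
    "PATH_INFO": "/secure/",
    "Shib-Session-ID": "_a1b2c3d4e5f6",
    "Shib-Identity-Provider": "https://idp.example.edu/idp/shibboleth",
    "REMOTE_USER": "jdoe@example.edu",
    "eppn": "jdoe@example.edu",
    "affiliation": "staff@example.edu;member@example.edu",
    "HTTP_EPPN": "admin@example.edu",  # forged client header; must be ignored
}

if __name__ == "__main__":
    print(run(SAMPLE_ENVIRON))
```

The two checks worth keeping even in a larger application are the ones above: trust REMOTE_USER only when the SP's own session variable is present, and read attribute ids as environment variables rather than as HTTP_ headers, so a browser that sends an `eppn:` header gains nothing.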
Complex use cases can almost always be accomplished, but without experience with the software, it’s hard to know where to begin. Shibboleth blurs the line between code and configuration so far that many use cases can be accomplished in several ways. The functionality, security, and reliability of your deployment depend on many configuration choices; identifying the optimal approach during design and implementation results in identity services that your staff can understand, maintain, and operate with high availability.
SAML 2.0’s wide adoption has led to many interpretations of the protocol, and while a software suite may advertise SAML support, it will almost certainly carry its own flavor. Integration of different SAML providers is not always obvious, particularly as commercial implementations seek to differentiate themselves in the marketplace with unique takes on the specification.
Signet has a complete understanding of the products and the protocols and decades of debugging and wiring together the diverse world of production SAML support. Leverage our experience to create a system that meets the needs of your users and administrators with the least maintenance burden and greatest uptime.
Signet also offers Shibboleth support services on a subscription basis, and we recognize that each organization has a different degree of staffing and capacity. We will work with you to determine the scale and scope of responsibility that is optimal for your organization’s needs and agree upon a customized service-level agreement.
These agreements can range from a typical backstop for operational issues and special integration challenges to maintenance and operation of a broader environment. For an opportunity to discuss your support needs with our team, please contact us to help us understand your environment so we can collectively determine an optimal agreement.
Login is perhaps the most mission-critical system in many large enterprises today, and if it’s down, everything that relies on it is down. We also offer assistance in rapid diagnosis and repair of identity integration issues to get your organization back on track. Every Signet team member has faced being the difference between an outage and a working system.
onboarder.tar.gz: This tool expedites the onboarding of SPs for organizations that principally act as IdPs. It is built from two PHP scripts: the first lets the user enter their hostname, and the second generates a shibboleth2.xml configuration file that replaces the default entityID with one derived from the hostname, loads your IdP’s metadata, points to your IdP as the default login mechanism, and, if the SP runs under IIS, replaces the remaining sp.example.org placeholder with the hostname.
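To make the generation step concrete, here is an added example (written for this page in Python; it is not the onboarder's PHP code) that derives a minimal shibboleth2.xml from a hostname, an IdP entityID and the IdP's metadata URL. It assumes the SP 3.x configuration namespace, a single default IdP, and the stock file names for the attribute map, policy and credentials; the IdP names in the usage call are placeholders. Because the hostname arrives from a web form, it is validated as a bare DNS name before it is used anywhere in the file.

```python
"""Generate a minimal shibboleth2.xml for a new SP from its hostname.

Added example, not the onboarder.tar.gz code. Assumes the SP 3.x config
namespace, one default IdP, and the stock attribute-map/policy/credential
file names; all other values are illustrative.
"""
import re
import xml.etree.ElementTree as ET

NS = "urn:mace:shibboleth:3.0:native:sp:config"
ET.register_namespace("", NS)

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def validate_hostname(hostname):
    """Accept only a bare DNS hostname from the web form.

    ElementTree escapes XML metacharacters, but a scheme, path or space
    would still yield a wrong entityID and IIS Site name, so anything that
    is not a hostname is rejected rather than repaired.
    """
    hostname = hostname.strip().lower()
    if not _HOSTNAME_RE.match(hostname):
        raise ValueError(f"not a valid hostname: {hostname!r}")
    return hostname


def is_valid_hostname(hostname):
    """Boolean form of validate_hostname for callers that report, not raise."""
    try:
        validate_hostname(hostname)
        return True
    except ValueError:
        return False


def _el(parent, tag, text=None, **attrs):
    el = ET.SubElement(parent, f"{{{NS}}}{tag}", attrs)
    if text is not None:
        el.text = text
    return el


def build_sp_config(hostname, idp_entity_id, idp_metadata_url, iis=False):
    """Return the <SPConfig> element for the given SP hostname and IdP."""
    hostname = validate_hostname(hostname)
    root = ET.Element(f"{{{NS}}}SPConfig", {"clockSkew": "180"})
    if iis:
        # The stock file names the IIS site sp.example.org; replace it too.
        isapi = _el(_el(root, "InProcess"), "ISAPI",
                    normalizeRequest="true", safeHeaderNames="true")
        _el(isapi, "Site", id="1", name=hostname)
    app = _el(root, "ApplicationDefaults",
              entityID=f"https://{hostname}/shibboleth",
              REMOTE_USER="eppn subject-id pairwise-id persistent-id")
    sessions = _el(app, "Sessions", lifetime="28800", timeout="3600",
                   relayState="ss:mem", checkAddress="false",
                   handlerSSL="true", cookieProps="https", redirectLimit="exact")
    _el(sessions, "SSO", "SAML2", entityID=idp_entity_id)  # your IdP is the default login
    _el(sessions, "Logout", "SAML2 Local")
    _el(app, "Errors", supportContact=f"root@{hostname}",
        helpLocation="/about.html", styleSheet="/shibboleth-sp/main.css")
    # Load the IdP's metadata and refuse it once its validUntil has passed.
    md = _el(app, "MetadataProvider", type="XML", validate="true",
             url=idp_metadata_url, backingFilePath="idp-metadata.xml",
             maxRefreshDelay="7200")
    _el(md, "MetadataFilter", type="RequireValidUntil", maxValidityInterval="2419200")
    _el(app, "AttributeExtractor", type="XML", validate="true",
        reloadChanges="false", path="attribute-map.xml")
    _el(app, "AttributeFilter", type="XML", validate="true", path="attribute-policy.xml")
    _el(app, "CredentialResolver", type="File", use="signing",
        key="sp-signing-key.pem", certificate="sp-signing-cert.pem")
    _el(app, "CredentialResolver", type="File", use="encryption",
        key="sp-encrypt-key.pem", certificate="sp-encrypt-cert.pem")
    _el(root, "SecurityPolicyProvider", type="XML", validate="true",
        path="security-policy.xml")
    _el(root, "ProtocolProvider", type="XML", validate="true",
        reloadChanges="false", path="protocols.xml")
    return root


def render(root):
    """Serialize with an XML declaration, as shibboleth2.xml is shipped."""
    if hasattr(ET, "indent"):  # Python 3.9+
        ET.indent(root)
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    idp = "https://idp.example.edu/idp/shibboleth"  # placeholder IdP
    print(render(build_sp_config("login.example.edu", idp, idp, iis=True)))
```

A file produced this way still needs the SP's own keys generated and its metadata registered with the IdP before a login will succeed; the generator only removes the hand-editing of the stock template that the onboarder was written to avoid.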