Shibboleth is the world’s leading open source federated identity solution, with flexibility and features that surpass commercial offerings. However, the inherent power of the software and its narrow distinction between configuration and code make it difficult for the novice to understand how best to meet needs or for the inheritor of an older implementation to puzzle through it. Signet has decades of expertise integrating Shibboleth with widely used commercial and custom identity providers and service providers, offering an ideal partnership for your team to bring your project to production.
You should generally avoid implementing security software yourself. It’s easy to make modest mistakes that leave big security holes. Shibboleth is widely used open source software implemented by the editors of the SAML specifications themselves, and using such software is a great way to avoid ending up with a data leak, regulatory violation, or other troubling situation.
Shibboleth Integration and Deployment
The Shibboleth IdP is incredibly flexible and extensible, while the SP interacts with applications without a traditional API, instead relying on environment variables and specially crafted URLs. This approach can be unintuitive, but it is also the least invasive and most powerful method for integration of identity with applications. It also avoids lock-in to the greatest extent possible.
Special use cases can almost always be accomplished, but without experience with the software, it’s hard to know where to begin. Shibboleth blurs the line between code and configuration so far that many use cases can be accomplished in several ways. The functionality, security, and reliability of your deployment will depend on many configuration choices, and identifying the optimal approach during design and implementation will result in identity services that your staff can understand, maintain, and operate with unparalleled availability.
SAML 2.0’s wide adoption has led to many interpretations of the protocol, and while a software suite may advertise SAML support, it will almost certainly carry its own flavor. Integration of different SAML providers is not always obvious, particularly as commercial implementations seek to differentiate themselves in the marketplace with unique takes on the specification. Signet has a complete understanding of the protocol and decades of production debugging and wiring together the diverse world of SAML support. Leverage our experience to create a system that meets the needs of your users and administrators with the least maintenance burden and greatest uptime.
Signet also offers Shibboleth support services on a subscription basis, and we recognize that each organization has a different degree of staffing and capacity. We will work with you to determine the scale and scope of responsibility that is optimal for your organization’s needs and agree upon a customized service-level agreement.
These agreements can range from a typical backstop for operational issues and special integration challenges to maintenance and operation of a broader environment. For an opportunity to discuss your support needs with our team, please contact us to help us understand your environment so we can collectively determine an optimal agreement.
Login is perhaps the most mission-critical system in many large enterprises today, and if it’s down, everything that relies on it is down. We also offer assistance in rapid diagnosis and repair of identity integration issues to get your organization back on track. Every Signet team member has faced being the difference between an outage and a working system.
General SAML Deployment Guidance
While we recommend the Shibboleth wiki for reference documentation, we thought a layer of best practices and interpretation on top of that would be useful. We provide some general guidance that walks you through the basics at a higher level.
SAML exposes data about you and your colleagues to the world through assertions of user data. Most environments will encounter interoperability issues between software packages that “support SAML”. There is meaningful divergence between the way SAML was specified and the way it has evolved in deployment. Getting the representation of your users unified, accurate, and secured is essential. Building an SSO environment requires striking several balances in resource requirements, technical elegance and expediency, and organizational policy. With your understanding of your needs and Signet’s expertise bringing them to fruition, we look forward to being your implementation partners.