Technical Details
The Shibboleth software implements widely used federated identity standards, primarily Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. A user authenticates with his home organization credentials, and the identity provider passes the minimal identity information necessary to the service provider to enable an authorization decision.
Identity Provider
The typical service provider process is the following:
- Intercept access to a protected resource or application entry point.
- Discover the user's choice of identity provider.
- Issue a SAML authentication request to the selected identity provider.
- Process the SAML authentication responses and extract rich user information.
- Apply local policies and gather additional data.
- Pass rich identity information to application resources.
Service Provider
The typical service provider process is the following:
- Intercept access to a protected resource or application entry point.
- Discover the user's choice of identity provider.
- Issue a SAML authentication request to the selected identity provider.
- Process the SAML authentication responses and extract rich user information.
- Apply local policies and gather additional data.
- Pass rich identity information to application resources.