Shibboleth 3 Contributions and Extensions
Identity Provider Extensions
The following extensions are software components that may be installed into the Shibboleth 3 Identity Provider.
Supported IdP Versions
Maintainer Contact Info.
A Shibboleth IdP external authentication plugin that delegates the authentication to an external CAS Server. It supports the ability to utilize a full range of native CAS protocol features such as
|3.1,firstname.lastname@example.org||This data connector retrieves data from a restful web service. We use this to retrieve group memberships.|
|Shibboleth-IdP3-TOTP-Authemail@example.com||This authentication module provides 2-factor authentication with Google Authenticator. It works conjunction with User/Password flow. ATM it retrieves token seeds from external LDAP-server.|
|shib-mfa-duo-auth||3.1-3.2||unicon.net||DuoSecurity multifactor plugin written by Unicon. Recommended if you need the full multi-context broker experience as described at Replicating Multi-Context Broker Functionality (Duo + Username/Password with user-opt-in forcing Duo).|
|duo_shibboleth||3.1-3.2||duosecurity.com||DuoSecurity's own plugin, completely independent of and released shortly after Unicon's. Arguably simpler and includes fail-safe/bypass functionality not available in Unicon's. Does not create a new authn context – so SPs cannot demand Duo -- but quick & dirty opt-in-to-Duo functionality can still be achieved by adding code to their DuoShibboleth.java.|
|shibboleth-mfa-u2f-auth||3.2,firstname.lastname@example.org||Provides U2F authentication support (2-factor). Works together with the user and password flow. Current version only have support for the Yubico U2F Validation Server as backend. Generic backend support for SQL and MongoDB will be available in August 2016.|
|shibboleth-oidc||3.2.1||UChicago/Unicon? (try the issue tracker)||"We are working on adding support for the OpenID Connect protocol to the Shibboleth Identity Provider v3."|
|3.x||www.uniurb.it email@example.com||This plugin implements a JAAS LoginModule of Java which permits a Shibboleth idp server to authenticate with the module django-freeradius.|
|firstname.lastname@example.org||A Shibboleth IdP authentication plugin/flow intended for use with the mfa authn flow providing Duo authentication for browserless interactions such as ECP.|
Build and Configuration Management Resources
Maintainer Contact Info.
A Shibboleth IdP base image ready for a configuration overlay. See a fully working idp example.
|Salt formula for Shibboleth||Matthew X. Economou||SaltStack formula that installs and configures the Shibboleth IdP, the Shibboleth SP, and the Shibboleth DS; currently tested against CentOS 7 and FreeBSD 10, and intended for use with CentOS/Debian/FreeBSD/RHEL/SUSE/Ubuntu/Windows.|
Other Related Contributions
Other software components and/or documentation related to the use of Shibboleth IdP V3.
Maintainer Contact Info.
|IdP Audit Log Analysis Tool||users list or issue tracker||Provides IdP usage statistics by analyzing audit log files.|
|Sample SP Applicationemail@example.com|
A sample SP application that is protected by Spring Security SAML.
|Shibboleth IdP Maven Overlayfirstname.lastname@example.org||Shibboleth Identity Provider packaged and deployed as a Maven overlay.|
|Shibboleth IdP Template Installeremail@example.com||A template for installing the Shibboleth Identity Provider v3.0 which makes available the Shib-CAS-Authenticator plugin for external SSO authentication. The shibboleth installer is preconfigured and decorated with additional tasks that would provide a fully functional identity provider ready for deployment.|
|Shibboleth Messages Translationfirstname.lastname@example.org||Translations of the Shibboleth messages properties in different languages. Maintained by by several contributors.|
|Shibboleth IdP Gradle Overlayemail@example.com||The Shibboleth Identity Provider web application built using a Gradle overlay.|
|IdP Heap Management||Jim Fox||Discussion of garbage collection performance and parameters|
|Persistent Id with local databases||Jim Fox||Description of a method of using independent, local postgres databases for persistent id generation and maintenance|
A library of command-line tools for deploying a metadata early warning system and for managing untrusted metadata using a Shibboleth LocalDynamicMetadataProvider. The tools may also be used to monitor an MDQ server, that is, a metadata server configured with a Shibboleth DynamicHTTPMetadataProvider.
|SAML AuthnRequest Generation Webpagefirstname.lastname@example.org|
|SAML ECP Demoemail@example.com||A ECP client implementation written in Python3 illustrating the ECP profile flow with the ability to log all protocol interactions. It also serves as an example of how to process XML and perform HTTP request/response in Python. The implementation is not specific to Shibboleth, it should work with any compliant SP or IdP.|