Skip to end of metadata
Go to start of metadata

Configuring Shibboleth

Taking a Shibboleth !IdP or SP to production must be done carefully. The default packaging and installation of the components involves trusting test providers and federations which are unsecured. Access by these providers should be removed or strictly limited before going towards production using the steps described below.

IdP Configuration

Native SP Configuration:

The WAYF

There are also several important user interface considerations to ensure access is intuitive. The only significant hurdle here is the WAYF service, which requires individuals to select their home institution. The problem gets stickier with multiple federations and protection systems. There are many ways to handle this, but deployers should be careful to protect the ability to select different institutions when necessary.

Miscellaneous Production Information

  • DistributedProtection: Some appropriate ways to enable webapps and pages to specify their own protection while maintaining privacy
  • No labels