Shibboleth 2 Contributions and Extensions
Identity Provider Extensions
The following extensions are software components that may be installed into the Shibboleth 2 Identity Provider.
Extension | Supported IdP Versions | Maintainer Contact Info. | Description |
---|---|---|---|
2.3 | Extension that enables users to consent to the release of attributes. | ||
? | Enables the IdP to issue Holder-of-Key SAML assertions. | ||
2.3 | The x509-login-handler implements an authentication handler for the Shibboleth IdP and will set the authentication context class | ||
2.X | Provides IdP usage statistics by analyzing audit log files. | ||
2.X | IdP monitoring script for graphing Shibboleth usage | ||
2.x | Provides ECP support. Note: ECP support was rolled into the main IdP distribution in version 2.3; do not attempt to use this plugin with that or future versions. | ||
2.x | Provides an attribute data connector to a RESTful webservice. | ||
2.2 | Provides a dynamic metadata provider which is based on the newest HTTP metadata provider. | ||
2.x | Provides a connector that can be used to extract attributes from a web service. (And the web service, in turn, can obtain those attributes from almost anywhere.) | ||
2.? | This is a JAAS-based login handler for multi-factor authentication (two factors or more). | ||
2.? | Provides an attribute data and persistent ID connector for MongoDB. | ||
2.x | Provides an attribute data connector for OrientDB. | ||
2.3+ | Provides an easy way to connect your Shibboleth IdP to a memcached server, in order to create a stateful cluster. It is intended to be a lightweight alternative to using the Terracotta software. | ||
2.2+ | Ohio State extensions, primarily a custom login module for SSO with stateless clustering, and workflow-like login handler with Velocity-based UI and post-login notification hooks. | ||
2.x | Provides support for authentication with the German ID card (nPA). | ||
2.3 | The Kerberos Login Handler uses the Kerberos protocol to implement an SSO (Single Sign-On) authentication mechanism. | ||
2.3 | An extension to the username/password login handler and a new data connector that allows for the creation of new attributes based on the IP address of the user agent at authentication time. | ||
2.? | Facebook Login Servlet (FLS) provides three-way integration among the Identity Provider, Facebook and an SQL database. With its help, a user can perform quick authentication, based on credentials retrieved from Facebook Graph and data received from the SQL database. | ||
2.3 | The Duo Two-Factor Authentication Login Handler for Shibboleth adds Duo Security two-factor authentication to an existing JAAS user authentication for Shibboleth identity providers. It is based on the Shibboleth UsernamePassword login handler. | ||
2.3+ | A replacement storage service for Shibboleth IdP v2 that uses Infinispan to provide cluster support. | ||
SSO-CAS Login Handler | 2.x | fed-contact@listes.renater.fr | The SSO-CAS Login Handler allows the use of forced authentication while using an SSO-CAS server to authenticate the user. |
Munin plugin for IdP | 2.x | sporth@oit.umass.edu | Munin plugin to graph IdP requests. Requires the IdP Audit Log Analysis Tool to parse the log files. |
Proposed New Default Login Page screenshots | 2.x | mgrady@unicon.net | Screen shots for discussion of a new default Login page design that is responsive (gracefully adjusts to various screen widths). |
Shibboleth-CAS Authenticator | 2.3+ | dkopylenko@unicon.net | A Shibboleth IdP external authentication plugin that delegates the authentication to the CAS. Supports the ability to utilize a full range of native CAS protocol features such as renew and gateway. |
Status Servlet with Terracotta support | 2.3+ | beall@usc.edu | A servlet for better status monitoring of an IdP node which is using Terracotta. |
Changing IdP Signature Method Algorithm | 2.3+ | users@shibboleth.net | Instructions and template code for writing a Java Spring bean that can be used to change the IdP signature method algorithm from SHA1 to other algorithms. |
Service Provider Extensions
The following extensions are software components that may be installed into the Shibboleth 2 Service Provider.
Extension | Supported SP Versions | Maintainer Contact Info. | Description |
---|---|---|---|
Discovery Service Extensions
The following extensions are software components that may be installed into the Shibboleth 2 Discovery Service.
Extension | Supported DS Versions | Maintainer Contact Info. | Description |
---|---|---|---|
Documentation
Name | Maintainer Contact Info. | Description |
---|---|---|
Notes on building, configuring, and testing the Shibboleth 2.0 SP on openSUSE 10.3 | ||
Setting up the IDP 2.0 on SuSE Linux Enterprise Server (SLES10) (German) | ||
Notes on installing and configuring Shibboleth 2.0 SP on Mac OSX 10.5 (Leopard) XServe | ||
Shibboleth 2 Introduction, Installation, and Configuration | ||
Other, Related, Contributions
Other software components or documentation related to the use of Shibboleth 2.
Name | Maintainer Contact Info. | Description |
---|---|---|
Java-based tool for downloading, checking well-formedness, schema validity, and signature of XML documents. Also provides ability to sign XML documents. | ||
A discovery service, written in Ruby. | ||
An all-Java SP. A Git patch to configure JBoss such that any standard deployed applications become SAML enabled. From a clean JBoss download do "git apply path-to-patch" to apply the changes. A README is supplied. I based the patch on JBoss-6.0.0.M2, but hopefully it will work with other versions too. If you really can't work with the patch I may be able to provide the complete SP, but the patch is really better since it is not tied so tightly to a single JBoss version and it lets you see what has been done. | ||
A simple demonstration ECP client written in bash. It requires bash 4 and the curl and xsltproc command line tools. It has been tested on Debian Squeeze against a Shib 2.2.1 and 2.3.0 IdP and Shib 2.4.2 Native SP. | ||
A simple demonstration ECP client written in Python. It requires Python 2.6+ and the Python lxml toolkit. It has been tested on Debian Squeeze against a Shib 2.2.1 and 2.3.0 IdP and Shib 2.4.2 Native SP. | ||
stressTest.sh and its companion program check_sp-test.my.org_shib_login.pl are meant to help "stress test" a Shibboleth IdP (and SP). I used it to run about 150-200 successful logins per minute, using an IdP running on a VM on older HW, with only 512MB RAM. The code exercises SP -> WAYF -> IdP -> SP end-to-end tests and produces ASCII output. YOU WILL NEED TO READ AND UNDERSTAND THE CODE BEFORE USING THIS, as modifications will be required. Though it's only 200-300 lines of code, so hopefully it won't be too difficult to figure that out. To unroll the gzipped tarball, do the following from a Linux command line: gunzip idpLoadTester.tar.gz; tar -xvf idpLoadTester.tar | ||
Devise Shibboleth Authenticatable is a Shibboleth based authentication strategy for the Devise authentication framework, http://github.com/plataformatec/devise. | ||
ECP implementation in PHP | Ivan Novakov | Flexible and easily extensible PHP library for creating ECP enabled applications. |
Chef Cookbooks for Shibboleth | Elliot Kendall | Chef Cookbooks to install and configure the Shibboleth IdP, the Shibboleth SP, and Terracotta as a Shibboleth IdP clustering solution. |