Shibboleth 3 Contributions and Extensions

Identity Provider Extensions

The following extensions are software components that may be installed into the Shibboleth 3 Identity Provider.

Extension         

Supported IdP Versions

Maintainer Contact Info.

Description

shib-cas-authn3

3.x

unicon.net

A Shibboleth IdP external authentication plugin that delegates the authentication to an external CAS Server. It supports the ability to utilize a full range of native CAS protocol features such as renew and gateway. 

3.1,3.2fox@washington.eduThis data connector retrieves data from a restful web service.  We use this to retrieve group memberships.
Shibboleth-IdP3-TOTP-Auth3.2keijo@kvak.netThis authentication module provides 2-factor authentication with Google Authenticator. It works conjunction with User/Password flow. ATM it retrieves token seeds from external LDAP-server.
shib-mfa-duo-auth3.1-3.2unicon.netDuoSecurity multifactor plugin written by Unicon. Recommended if you need the full multi-context broker experience as described at Replicating Multi-Context Broker Functionality (Duo + Username/Password with user-opt-in forcing Duo).
duo_shibboleth3.1-3.2duosecurity.comDuoSecurity's own plugin, completely independent of and released shortly after Unicon's. Arguably simpler and includes fail-safe/bypass functionality not available in Unicon's. Does not create a new authn context – so SPs cannot demand Duo -- but quick & dirty opt-in-to-Duo functionality can still be achieved by adding code to their DuoShibboleth.java.
shibboleth-mfa-u2f-auth3.2stefan.wold@unitedid.orgProvides U2F authentication support (2-factor). Works together with the user and password flow. Current version only have support for the Yubico U2F Validation Server as backend. Generic backend support for SQL and MongoDB will be available in August 2016.
shibboleth-oidc3.2.1UChicago/Unicon? (try the issue tracker)"We are working on adding support for the OpenID Connect protocol to the Shibboleth Identity Provider v3."

shibboleth_django-freeradius_login

3.xwww.uniurb.it a.ventani@campus.uniurb.itThis plugin implements a JAAS LoginModule of Java which permits a Shibboleth idp server to authenticate with the module django-freeradius.
duo-non-browser3.3pfeifer@umd.eduA Shibboleth IdP authentication plugin/flow intended for use with the mfa authn flow providing Duo authentication for browserless interactions such as ECP.

Build and Configuration Management Resources

Name

Maintainer Contact Info.

Description

Docker Imagejgasper@unicon.net

A Shibboleth IdP base image ready for a configuration overlay. See a fully working idp example.

Salt formula for ShibbolethMatthew X. EconomouSaltStack formula that installs and configures the Shibboleth IdP, the Shibboleth SP, and the Shibboleth DS; currently tested against CentOS 7 and FreeBSD 10, and intended for use with CentOS/Debian/FreeBSD/RHEL/SUSE/Ubuntu/Windows.

Other Related Contributions

Other software components and/or documentation related to the use of Shibboleth IdP V3.

Name

Maintainer Contact Info.

Description

IdP Audit Log Analysis Toolusers list or issue trackerProvides IdP usage statistics by analyzing audit log files.
Sample SP Applicationmmoayyed@unicon.net

A sample SP application that is protected by Spring Security SAML.

Shibboleth IdP Maven Overlaymmoayyed@unicon.net  Shibboleth Identity Provider packaged and deployed as a Maven overlay.
Shibboleth IdP Template Installerjgasper@unicon.net A template for installing the Shibboleth Identity Provider v3.0 which makes available the Shib-CAS-Authenticator plugin for external SSO authentication. The shibboleth installer is preconfigured and decorated with additional tasks that would provide a fully functional identity provider ready for deployment.
Shibboleth Messages Translationlukas.haemmerle@switch.chTranslations of the Shibboleth messages properties in different languages. Maintained by by several contributors.
Shibboleth IdP Gradle Overlaymmoayyed@unicon.netThe Shibboleth Identity Provider web application built using a Gradle overlay.
IdP Heap ManagementJim FoxDiscussion of garbage collection performance and parameters
Persistent Id with local databasesJim FoxDescription of a method of using independent, local postgres databases for persistent id generation and maintenance
SAML Librarytrscavo@gmail.com

A library of command-line tools for deploying a metadata early warning system and for managing untrusted metadata using a Shibboleth LocalDynamicMetadataProvider. The tools may also be used to monitor an MDQ server, that is, a metadata server configured with a Shibboleth DynamicHTTPMetadataProvider.

SAML AuthnRequest Generation Webpagedmalone@calpoly.eduA webpage constructed purely of HTML and Javascript that can decode, manipulate, encode, and submit AuthnRequests for debugging.