Shibboleth 3 Contributions and Extensions

Identity Provider Extensions

The following extensions are software components that may be installed into the Shibboleth 3 Identity Provider.

Extension         

Supported IdP Versions

Maintainer Contact Info.

Description

shib-cas-authn3

3.x

unicon.net

A Shibboleth IdP external authentication plugin that delegates the authentication to an external CAS Server. It supports the ability to utilize a full range of native CAS protocol features such as renew and gateway. 

3.1,3.2fox@washington.eduThis data connector retrieves data from a restful web service.  We use this to retrieve group memberships.
Shibboleth-IdP3-TOTP-Auth3.2keijo@kvak.netThis authentication module provides 2-factor authentication with Google Authenticator. It works conjunction with User/Password flow. ATM it retrieves token seeds from external LDAP-server.
shib-mfa-duo-auth3.1-3.2unicon.netDuoSecurity multifactor plugin written by Unicon. Recommended if you need the full multi-context broker experience as described at Replicating Multi-Context Broker Functionality (Duo + Username/Password with user-opt-in forcing Duo).
duo_shibboleth3.1-3.2duosecurity.comDuoSecurity's own plugin, completely independent of and released shortly after Unicon's. Arguably simpler and includes fail-safe/bypass functionality not available in Unicon's. Does not create a new authn context – so SPs cannot demand Duo -- but quick & dirty opt-in-to-Duo functionality can still be achieved by adding code to their DuoShibboleth.java.
shibboleth-mfa-u2f-auth3.2stefan.wold@unitedid.orgProvides U2F authentication support (2-factor). Works together with the user and password flow. Current version only have support for the Yubico U2F Validation Server as backend. Generic backend support for SQL and MongoDB will be available in August 2016.
shibboleth-oidc3.2.1UChicago/Unicon? (try the issue tracker)"We are working on adding support for the OpenID Connect protocol to the Shibboleth Identity Provider v3."

Build and Configuration Management Resources

Name

Maintainer Contact Info.

Description

Docker Imagejgasper@unicon.net

A Shibboleth IdP base image ready for a configuration overlay. See a fully working idp example.

Salt formula for ShibbolethMatthew X. EconomouSaltStack formula that installs and configures the Shibboleth IdP, the Shibboleth SP, and the Shibboleth DS; currently tested against CentOS 7 and FreeBSD 10, and intended for use with CentOS/Debian/FreeBSD/RHEL/SUSE/Ubuntu/Windows.

Documentation

Name

Maintainer Contact Info.

Description

IdP Heap ManagementJim Fox

Discussion of garbage collection performance and parameters.

Persistent Id with local databases.Jim FoxDescription of a method of using independent, local postgres databases for persistent id generation and maintenance.

Other, Related, Contributions

Other software components or documentation related to the use of Shibboleth 3.

Name

Maintainer Contact Info.

Description

Sample SP Applicationmmoayyed@unicon.net

A sample SP application that is protected by Spring Security SAML.

Shibboleth IdP Maven Overlaymmoayyed@unicon.net  Shibboleth Identity Provider packaged and deployed as a Maven overlay.
Shibboleth IdP Template Installerjgasper@unicon.net A template for installing the Shibboleth Identity Provider v3.0 which makes available the Shib-CAS-Authenticator plugin for external SSO authentication. The shibboleth installer is preconfigured and decorated with additional tasks that would provide a fully functional identity provider ready for deployment.
Shibboleth Messages Translationlukas.haemmerle@switch.chTranslations of the Shibboleth messages properties in different languages. Maintained by by several contributors.
shibboleth-idp-gradle-overlaymmoayyed@unicon.netThe Shibboleth Identity Provider web application built using a Gradle overlay.