- Federal E-Authentication Credential Service: An extension allowing a Shibboleth 1.3 IdP to operate as a Federal E-Authentication Credential Service.
- ADFS Integration: An extension allowing a Shibboleth 1.3 IdP to integrate with Microsoft's Active Directory Federation Service.
- GridShib: A project funded by the NMI to combine Grid Security Infrastructure in the Globus Toolkit with Shibboleth. GridShib IdP extensions include GridShib for Shibboleth and the Shibboleth IdP Tester. The latter can be used to test a plain vanilla Shibboleth Attribute Authority.
- HA-Shib: An extension for the Shibboleth 1.3 IdP that allows multiple IdP instances to be clustered together and share in-memory state for handle and artifact mapping.
- mod_auth_location: An Apache module that allows for IP based authentication to a Shibboleth IdP. This may be "stacked" with other authentication mechanisms.
- ShibXACML: An extension allowing a Shibboleth 1.3c IdP to use XACML as policy language.
- Attribute Release
- SHARPE: A Shibboleth Attribute Release Policy Editor will be released soon.
- Metadata Management
- saml-registry: A J2EE SAML 2.0 metadata management application from Stockholm University.
- Resource Registry: The Resource Registry is a PHP/MySQL based solution to scalably manage metadata and attribute release for a Shibboleth federation. It's heavily tailored to the SWITCHaai federation. However, it might be useful as a source of ideas for other federations. The tool is under BSD license.
- Performance Testing: Fabien Trzebiatowski of AXEN has written a JMeter test plan that simulates a Shibboleth login.
- Shibbolized Zope: Chi Nguyen of MAMS has documented how to Shibbolize zope, an open source content management system.
- Group Management Tool (GMT): It's a PHP web application to create and manage groups of Shibboleth users originating from multiple IdPs. The group information can be used by Shibboleth protected web applications for access control decisions. To restrict access to web server directories based on the users' unique ID, GMT generates Apache
.htaccess files. Alternatively, group membership can be checked by local or remote hosts via a PHP or Perl interface. The current version (0.9) is just an intermediary version that still is subject to some structural changes and other improvements.
GMT is developed by SWITCH and it's SP centric - by no means a replacement for Grouper
- AAI Portal: It's a PHP based web portal, acting as a broker between a deployed AAI and one or more resources. In SWITCHaai it is primarily used to transparently integrate WebCT sysems. It's a SourceForge project maintained by SWITCH.
- AAIEye : Monitors IdP's and SP's by automatically logging in to the services. Includes a plug-in for Nagios for displaying the results of those test cases. The tool can also collect and display usage statistics (number of logins), which it gathers from the data sent by IdP's and SP's. Developed by CSC.
- Shibboleth Shim Server and Filter: It's a Java-based server providing Shibboleth SP for standalone Java applications. It requires a Tomcat instance running behind Apache which is protected by Shibboleth. This provides the Shim Server. The Shim Server then redirects a signed, encrypted attribute assertion to an extremely lightweight servlet filter running on the standalone container.
C++ SP Extensions
- FastCGI SP Application: Allows one to run an SP regardless of the web server used as long as it supports the FastCGI protocol (Lighttpd and Apache for example). Can be run remotely.
Java SP Extensions