- Federal E-Authentication Credential Service: An extension allowing a Shibboleth 1.3 IdP to operate as a Federal E-Authentication Credential Service.
- ADFS Integration: An extension allowing a Shibboleth 1.3 IdP to integrate with Microsoft's Active Directory Federation Service.
- GridShib: A project funded by the NMI to combine Grid Security Infrastructure in the Globus Toolkit with Shibboleth. GridShib IdP extensions include GridShib for Shibboleth and the Shibboleth IdP Tester. The latter can be used to test a plain vanilla Shibboleth Attribute Authority.
- HA-Shib: An extension for the Shibboleth 1.3 IdP that allows multiple IdP instances to be clustered together and share in-memory state for handle and artifact mapping.
- mod_auth_location: An Apache module that allows for IP based authentication to a Shibboleth IdP. This may be "stacked" with other authentication mechanisms.
- ShibXACML: An extension allowing a Shibboleth 1.3c IdP to use XACML as policy language.
- Attribute Release
- SHARPE: A Shibboleth Attribute Release Policy Editor will be released soon.
- Metadata Management
- saml-registry: A J2EE SAML 2.0 metadata management application from Stockholm University.
- Resource Registry: The Resource Registry is a PHP/MySQL based solution to scalably manage metadata and attribute release for a Shibboleth federation. It's heavily tailored to the SWITCHaai federation. However, it might be useful as a source of ideas for other federations. The tool is under BSD license.
- Performance Testing: Fabien Trzebiatowski of AXEN has written a JMeter test plan that simulates a Shibboleth login.
- Shibbolized Zope: Chi Nguyen of MAMS has documented how to Shibbolize zope, an open source content management system.
- Group Management Tool (GMT): It's a PHP web application to create and manage groups of Shibboleth users originating from multiple IdPs. The group information can be used by Shibboleth protected web applications for access control decisions. To restrict access to web server directories based on the users' unique ID, GMT generates Apache
.htaccess files. Alternatively, group membership can be checked by local or remote hosts via a PHP or Perl interface. The current version (0.8) is just a preview version that is subject to structural changes and other improvements, so don't use it in production yet.
GMT is developed by SWITCH and it's SP centric - by no means a replacement for Grouper
- AAI Portal: It's a PHP based web portal, acting as a broker between a deployed AAI and one or more resources. In SWITCHaai it is primarily used to transparently integrate WebCT sysems. It's a SourceForge project maintained by SWITCH.
C++ SP Extensions
- FastCGI SP Application: Allows one to run an SP regardless of the web server used as long as it supports the FastCGI protocol (Lighttpd and Apache for example). Can be run remotely.
Java SP Extensions