Understanding Shibboleth

Shibboleth is a free, open-source web single sign-on system with rich attribute exchange based on open standards, principally SAML. It is a federated system, supporting secure access to resources across security domains. Information about a user is sent from a home identity provider (IdP) to a service provider (SP), which prepares the information for protection of sensitive content and use by applications. So-called federations, while not a purely technical construct, can often be used to help providers trust each other in a scalable way.

If you have a question that isn't addressed here, feel free to send a message to shibboleth-users@internet2.edu after checking the list archives.

How it All Fits Together
Authentication and Sessions
Name Identifiers and Attributes
The Difficulties of Single Logout
Shibboleth 2.0/1.3 FAQ

Entity Naming
Attribute Naming
Attribute Storage Locations
Session Management

The Life of a Login
Implemented Protocols/Profiles
Key Skills for IdP Operation

Implemented Protocols/Profiles
Key Skills for SP Operation
How Attributes are Retrieved
Why is there a Shibboleth Daemon?
Can a single installed SP protect many servers?