Understanding Shibboleth

Shibboleth is a free, open-source web single sign-on system with rich attribute exchange based on open standards, principally SAML. It is a federated system, supporting secure access to resources across security domains. Information about a user is sent from a home identity provider (IdP) to a service provider (SP), which prepares the information for protecting sensitive content and for use by applications. So-called federations, while not a purely technical construct, can often be used to help providers trust each other in a scalable way.

If you have a question that isn't addressed here, check the list archives, or try the support mailing list.

How It All Fits Together
Implemented Protocols/Profiles
Name Identifiers and Attributes
Single Logout Difficulties
Shibboleth 2.0/1.3 FAQ

Entity Naming
Attribute Naming
Attribute Storage Locations
Session Management
Trust Management

Authentication and Sessions
Service Provider / Relying Party types
Key Skills for IdP Operation

Key Skills for SP Operation
Software Architecture
How Attributes are Retrieved
Services, Applications, and Resources
Can a single installed SP protect many servers?