Shibboleth Identity Provider (IdP): What It Is, and Why You Should Consider a Managed Service
Shibboleth is among the world’s most widely deployed federated identity solutions,
connecting users to applications both within and between organizations.
Many organizations choose to deploy a Shibboleth Identity Provider (IdP) rather
than a commercial single sign-on solution due to its “built-in” privacy provisions and
community-driven open-source development. Shibboleth also boasts a lightweight
memory footprint and includes support for multi-party federations, like the
InCommon Federation.
View our webinar: How 11+ Universities are Using Gluu EDU to normalize and
support a Shibboleth IdP.
As a federated system, a Shibboleth IdP supports secure access to resources across
security domains. Information about a user (known as attributes) is sent from a
home identity provider (IdP) to a service provider (SP), which prepares the
information for protection of sensitive content and use by applications.
The Shibboleth software implements widely used federated identity standards, most
notably the OASIS Security Assertion Markup Language (SAML), to provide a federated
single sign-on and attribute exchange framework.
Without going into excessive detail, this is how the resource-access process happens
between the person, the IdP and the SP:
1. User attempts to access a protected resource
2. SP determines the IdP and issues an authentication request
3. User authenticates to the IdP
4. IdP issues a response to the SP
5. User is redirected back to the SP
6. Access is granted to the protected resource
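The exchange above, sketched from both sides as an added example (not code from Shibboleth or Gluu): the SP builds the authentication request, the IdP decodes it, and the SP checks that the response answers its own request before granting access. It assumes the SAML 2.0 HTTP-Redirect binding for the request; all function names are hypothetical, the response is a constructed unsigned sample, and signature verification is assumed to have happened before check_response runs.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}

def build_authn_request(sp_entity_id, acs_url, idp_sso_url):
    """SP: issue the authentication request; returns (request ID, redirect URL)."""
    request_id = "_" + uuid.uuid4().hex  # unpredictable, stored in the user's session
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.Element(f"{{{P}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": now,
        "Destination": idp_sso_url, "AssertionConsumerServiceURL": acs_url})
    ET.SubElement(root, f"{{{A}}}Issuer").text = sp_entity_id
    # HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding.
    deflater = zlib.compressobj(wbits=-15)
    packed = deflater.compress(ET.tostring(root)) + deflater.flush()
    return request_id, idp_sso_url + "?" + urlencode(
        {"SAMLRequest": base64.b64encode(packed).decode()})

def decode_authn_request(redirect_url):
    """IdP: recover who is asking and where the response must be sent."""
    raw = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    root = ET.fromstring(zlib.decompress(base64.b64decode(raw), wbits=-15))
    return {"id": root.get("ID"), "acs": root.get("AssertionConsumerServiceURL"),
            "issuer": root.findtext("saml:Issuer", namespaces=NS)}

def sample_response(in_response_to, destination, audience):
    """Constructed, unsigned stand-in for the IdP's response message."""
    return (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" '
            f'InResponseTo="{in_response_to}" Destination="{destination}">'
            f'<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions></saml:Assertion></samlp:Response>')

def check_response(response_xml, expected_id, sp_entity_id, acs_url):
    """SP: binding checks on a signature-verified response; returns problems found."""
    root = ET.fromstring(response_xml)  # use a hardened XML parser in production
    problems = []
    if root.get("InResponseTo") != expected_id:
        problems.append("InResponseTo does not match the request we issued")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our assertion consumer service")
    if sp_entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("assertion is not addressed to this SP")
    return problems
```

An empty list from check_response means the response is bound to this SP and to the request it issued; any entry is a reason to refuse access.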
Why Use a Managed Service for your Shibboleth IDP:
Configuring a Shibboleth Identity Provider involves technical know-how that can be
expensive and time-consuming to obtain, and difficult to retain (i.e. retaining employees
with this skill set). Identity management and federation protocols and WAM software,
such as SAML and Shibboleth, are increasingly a niche expertise, which explains why,
among other reasons, ID as a Service (IDaaS) has seen a significant rise in popularity.
A subscription to the Gluu Server can help you reduce the costs associated with
building and operating open source software, such as a Shibboleth IdP. The Gluu Server
stack includes open source software that enables your organization to support the
following open web standards: SAML, OAuth2, LDAP and RADIUS.
At Gluu, we employ Shibboleth Identity Provider experts so you don’t have to. With
Gluu’s managed Shibboleth IdP service and open source product suite, you can add a
layer of support for increasingly complex SAML SSO requirements, while also aligning
with OAuth2 and decreasing dependence on highly specialized skill sets.
Article resource: https://sites.google.com/site/thegluuserver/shibboleth-identity-provider-idp-what-it-is-and-why-you-should-consider-a-managed-service