This page collects support documentation for Shibboleth Service Providers (SPs) that use the UW Shibboleth Identity Provider (IdP). These documents are intended to help ease the learning curve for inexperienced SP operators and to provide references on UW-specific Shibboleth services and configurations. We don’t intend to cover every possible SP application integration scenario, nor do we expect our documentation to replace the comprehensive and authoritative documentation provided by the Shibboleth project.
Shibboleth Project
- Shibboleth Project Home
- Shibboleth Documentation Wiki
- Shibboleth Project Mailing Lists
  - Announce – Low traffic list for important announcements such as new releases and security advisories. All SP operators should join this list.
  - Users – High traffic list used for discussion of deployment issues. You might want to subscribe, but even if not, the searchable list archives are valuable for troubleshooting.
  - Dev – Used for discussion of development issues.
Installation Guides
- Install Shibboleth Service Provider 3.x on Windows and IIS
- Install Shibboleth Service Provider on Linux and Apache
- Install Apache and Shibboleth on RHEL6 (user contributed)
- Shibboleth Consortium Linux Install
- InCommon Trusted Access Platform Release
Service Provider Registration Topics
- Register a Service Provider with the UW
- Shibboleth Service Provider Registry Application
- Request Service Provider Registration with InCommon
- Transition a Service Provider Registration Between the UW and InCommon
- Certificate Rollover for Service Providers
Attribute Topics
- Guide to NameID Formats and Attributes Available from the UW IdP
- Request a NameID and Attributes from the UW IdP
- Configure a Service Provider to Use Attributes
- Signed Responses vs. Signed Assertions
- About REMOTE_USER and HTTP_REMOTEUSER
- Passing Attributes to a Tomcat Application
- IdP Provided Attributes vs. Other Sources of Information
Multi-site Configuration
- Configure a Service Provider with Multiple Web Sites (one entity ID)
- Configure a Service Provider with Multiple Web Sites (multiple entity IDs)
Session Management Topics
- Configure Service Provider Timeouts
- Configure Service Provider Logout
- Configure a Service Provider to Force Re-Authentication
- Configure a Service Provider for Two-Factor Authentication
- Configure a Service Provider for Step-up Two-Factor Authentication
Access Control Topics
- Request Conditional Access and Automatic or Conditional Two-Factor Authentication
- Using Apache “require” Directives with gws_groups
- Using the XML Access Control Plug-in
Metadata Topics
- UW IdP Metadata
- Configure a Shibboleth SP to use the InCommon Per-Entity Metadata Distribution Service
- Configure a Shibboleth SP to Consume Metadata from a Local IdP Endpoint
- Configure a Shibboleth SP to Use the InCommon Metadata Aggregate File
Federation Topics
- Configure IdP Discovery (multiple IdPs) for a Service Provider
- UW IdP Support for “R&S” Category
- Configure Shibboleth SP to use the UW Social Gateway
Client Transition Topics
- Comparison Between Pubcookie and Shibboleth Features
- Shibboleth SP Migration to IdP Native Authentication Flow – completed July 2018
Other Topics
- Apache Directives for Shibboleth Service Providers
- Guide to Service Provider Certificates
- HTTP to HTTPS Redirect