Shibboleth - Overview
Wed, 05/27/2009 - 15:21 — brabec.ncsu.edu
The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. (ref: http://shibboleth.internet2.edu/)
The Shibboleth system may be used in the future to replace the WRAP Authentication system that we current use on campus for web single-signon. WRAP is a home-grown solution that has been left undeveloped for quite some time.
NCSU is participating in four federations. A federation is a collection of identity providers (IdPs) and service providers (SPs) that share a trust relationship and allow providers from different universities, schools and businesses to share private authentication and authorization information in a secure way. Our four federations are:
Our own, local federation allows us to quickly setup new service providers and get them into the Shibboleth system. Identity information is provided by our own IdP, which allows a Unity account login and serves campus users' attributes. This federation is designed for sites that need to authenticate NCSU users only. We plan to expand to offer IdP services for registered guests of the Library and Delta as well.
For more information about setting up a new service provider and registering with the NCSU Federation, please see the SP Setup page.
The UNC GA has established a federation amoung the UNC-system schools to aid them in developing a system for inter-institutional registration. This federation recognizes logins from all of the UNC-system universities, and is available to projects that will be shared within our system.
To register with the UNC-GA Federation, you should start by establishing a working SP in the NCSU Federation by following the instructions listed above. Once the SP is running correctly, you can register your site with the UNC-GA Federation by submitting your Identity information and certificate to their group for review. For help with the UNC-GA Shibboleth registration, please contact email@example.com.
NC Trust / InCommon Federations
InCommon is a national federation for researchers, students and educators. NC Trust is a local federation formed as a subset of InCommon providers. It was built to handle identity services for all North Carolina schools (K-12 and Higher Ed). Registration with InCommon is a for-fee service. Schools wishing to join NC Trust must first register with InCommon before they can be added to the NC Trust metadata.
For more information about registering with InCommon and the NC Trust federation, please contact firstname.lastname@example.org.