LLMpedia: The first transparent, open encyclopedia generated by LLMs

Shibboleth Project

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Shibboleth Project
Developer: Internet2 Consortium, Internet2, University of Southern California, MITRE Corporation
Released: 2003
Programming language: Java, C++
Operating system: Linux, Windows, macOS
Platform: Apache HTTP Server, Tomcat, Jetty
License: Apache License

The Shibboleth Project is an open-source software initiative that provides federated identity solutions, enabling single sign-on and attribute-based access control across disparate systems. It is used by academic institutions, corporations, and government agencies. It implements standards-based protocols to facilitate trust and interoperability among identity providers and service providers, integrating with directory services, web servers, and portal platforms. The project influenced federated identity deployments in higher education, research networks, and commercial environments through collaborations with standards bodies and consortiums.

Overview

The Shibboleth Project offers implementations of federated identity based on the Security Assertion Markup Language (SAML), enabling authentication and attribute exchange between identity providers and service providers while integrating with Lightweight Directory Access Protocol, Active Directory, Kerberos, OAuth 2.0, and OpenID Connect ecosystems. The software suite includes a Java-based identity provider component and a C++ service provider library that integrate with Apache HTTP Server, nginx, Tomcat, Jetty, and portal platforms like Liferay, uPortal, and Drupal. The project participates in standards development with OASIS, W3C, IEEE, and Internet Engineering Task Force working groups and collaborates with research infrastructure organizations such as CERN, ESnet, TERENA, and GEANT.

History and Development

The project's origins trace to federated identity efforts in the early 2000s involving Internet2, Shibboleth Consortium, DANTE, and university identity teams at University of Chicago, University of Michigan, Stanford University, University of Pennsylvania, and University of Oxford. Early releases aligned with the evolution of SAML 1.1 and later SAML 2.0 specifications endorsed by OASIS and influenced by projects at U.S. Department of Energy, National Science Foundation, JISC, and Australian Research Council. Development milestones include introduction of the Java Identity Provider, the C++ Service Provider, integrations with CAS (Central Authentication Service), support for Shib13 deployments, and architectural adaptations for cloud adoption alongside Amazon Web Services, Microsoft Azure, and Google Cloud Platform collaborations with identity teams at Harvard University, Columbia University, Yale University, and Princeton University.

Architecture and Components

Core components consist of the Java Identity Provider, the C++ Service Provider library, administrative tools, metadata management, and attribute release policy frameworks that interface with LDAP, Active Directory, RADIUS, and external attribute authorities like eduGAIN. The software supports metadata aggregation mechanisms compatible with SAML metadata, XML Signature, and X.509 certificate-based trust, integrating with OpenSSL, GnuTLS, and hardware security modules from vendors such as Thales Group and Entrust. Deployment patterns reference web servers such as Apache HTTP Server, reverse proxies like HAProxy, application servers such as JBoss, and container platforms like Docker and Kubernetes, with monitoring via Nagios, Prometheus, and Grafana.

Deployment and Use Cases

Institutions deploy Shibboleth Project software for single sign-on on campuses such as University of California, Berkeley, Massachusetts Institute of Technology, and University of Cambridge, and in national research networks including SURFnet and Canarie. Use cases encompass access to library resources via Elsevier, Springer Nature, and JSTOR integrations, federated access to cloud services from Microsoft Office 365, Google Workspace, and Box, and cross-institutional collaboration for projects at CERN, NASA, European Space Agency, and World Bank. Implementations span virtual learning environments like Moodle, research data repositories like Figshare, and scholarly infrastructures such as ORCID, Crossref, and DataCite.

Security and Privacy Considerations

Security practices involve rigorous certificate management using X.509, metadata signing with XML Signature, and exchange mechanisms compliant with SAML 2.0 profiles, incorporating threat mitigations informed by advisories from US-CERT, NIST, ENISA, and incident response teams at CERT/CC. Privacy controls include attribute release policies, consent frameworks, and data minimization aligned with regulations and frameworks such as GDPR, FERPA, and HIPAA, and with guidance from Privacy International and Electronic Frontier Foundation. Operational security integrates with identity proofing standards from NIST SP 800-63 and federated trust frameworks like eduGAIN and national identity schemes including GOV.UK Verify and eIDAS profiles.
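
The attribute release, consent, and minimization controls described above, modelled as an added example (not Shibboleth's own code or configuration format): a default-deny filter that releases only the attributes and values a service provider's rule permits. The entity IDs, policy table, and user record are constructed for illustration.

```python
# Added example: a simplified model of attribute release with default deny.
# Not Shibboleth's configuration format; entity IDs and values are constructed.

# Per-requester rules: attribute -> (allowed values or None for any, consent required?)
RELEASE_POLICY = {
    "https://library.example.org/sp": {
        "eduPersonScopedAffiliation": (None, False),
        "eduPersonEntitlement": ({"urn:mace:dir:entitlement:common-lib-terms"}, False),
    },
    "https://lms.example.edu/sp": {
        "eduPersonPrincipalName": (None, False),
        "mail": (None, True),
    },
}

def release_attributes(requester, resolved, consented=frozenset()):
    """Filter a user's resolved attributes down to what one requester may see.

    requester: entityID of the service provider asking (exact match only).
    resolved:  dict of attribute name -> list of values from the directory.
    consented: attribute names the user agreed to release to this requester.
    """
    rules = RELEASE_POLICY.get(requester)
    if rules is None:
        return {}  # default deny: unknown requesters get nothing
    released = {}
    for name, (allowed, needs_consent) in rules.items():
        if needs_consent and name not in consented:
            continue  # consent-gated attribute withheld until the user agrees
        values = resolved.get(name, [])
        if allowed is not None:
            values = [v for v in values if v in allowed]  # value-level minimization
        if values:
            released[name] = list(values)
    return released

# Constructed sample user record, as it might come back from a directory lookup.
SAMPLE_USER = {
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "eduPersonScopedAffiliation": ["staff@example.edu", "member@example.edu"],
    "eduPersonEntitlement": ["urn:mace:dir:entitlement:common-lib-terms",
                             "urn:example:entitlement:payroll-admin"],
    "mail": ["jdoe@example.edu"],
}

if __name__ == "__main__":
    for sp in ("https://library.example.org/sp", "https://lms.example.edu/sp",
               "https://unknown.example.net/sp"):
        print(sp, release_attributes(sp, SAMPLE_USER))
```

Matching the requester by exact entityID avoids the over-broad grants that wildcard or substring matching can produce.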

Community, Governance, and Licensing

Governance evolved under the stewardship of Internet2 Corporation, academic steering committees from Association of Universities and Colleges of Canada, regional bodies like TERENA/GÉANT, and collaborative input from corporate contributors such as Google, Microsoft, Red Hat, and IBM. The project adopts an open-source model under the Apache License with community-driven development via GitHub, issue tracking, and contribution workflows similar to those of Apache Software Foundation initiatives and Eclipse Foundation projects. Community activities include annual conferences, interoperability events with REFEDS, training workshops by Educause, and working groups for metadata, privacy, and deployment best practices.

Adoption and Implementations

Adoption spans higher education consortia like InCommon, JANET, SURFnet, AARNet, and national research and education networks connected via eduGAIN, with commercial implementations by Elsevier, Springer Nature, ProQuest, Microsoft, and cloud service integrators at Amazon Web Services and Google Cloud Platform. Implementations appear in campus portals at University of California, enterprise single sign-on deployments at AT&T, federated access for healthcare providers affiliated with Mayo Clinic and Cleveland Clinic, and research collaborations at Max Planck Society, CNRS, CSIRO, and Fraunhofer Society.

Category:Federated identity