shibboleth vs those "other" idps

Rob Gorrell rwgorrel at
Thu May 14 12:37:15 EDT 2015

Our school doesn't have a long-standing, deeply entrenched history with
SSO... our first foray only a few years back with a Shibb 2.x IdP. But
since, we have grown our SSO presence and built a dependency on SAML
becoming a moderate-sized shop. As SSO becomes a common part of our
vocabulary, I've seen a lot more requests to integrate with apps and
services that aren't always SAML-friendly... a lot of vendors are now
shopping their IdP of choice to match their product's SSO integration.
Lately, it seems like everything wants to be an IdP (Ellucian EIS,
NetScaler/BigIP, Okta, AzureAD, etc) and many of these solutions come with
baked-in multi-protocol support (SAML, WS-Fed, CAS, etc) marketing
themselves as truly agnostic SSO solutions.

What I'm being asked more and more these days is to justify the choice of
staying with shibb being that it is largely centered around SAML (and CAS
thanks to v3.0). That if we were to pick one of these others that support the
long list of integrations, we could onboard more services without having to
evangelize SAML.

So I was hoping you guys might be able to help me collect and organize my
thoughts on what sets the shibb IdP aside from the growing number of
generic players that have joined the game. What principally does shibb do
very well that the others don't? I think most of the argument revolves
around the word "federation" and metadata management, but I figure I'd ask
those much more knowledgeable about the subject to arm me with a little
more ammo than I'm carrying today.


Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro