The Shibboleth Identity Provider provides Single Sign-On services and extends your users' reach into other organizations and new services by authenticating your users and securely providing appropriate data to requesting services. In addition to a simple yes/no response to an authentication request, the Identity Provider can provide a rich set of user-related data to the Service Provider. This data can help the service provide a more personalized user experience, save the user from having to enter data the service requires by hand, and refresh that data each time the user logs in to the service.
The normal Identity Provider process is:
- Accept a SAML authentication request from the Service Provider a user wants to access
- Authenticate the user against your organization's existing authentication service
- Collect user data from your organization's existing data stores
- Apply policy to control what data is released to which Service Provider
- Securely transmit the collected information to the Service Provider
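The policy step above (release only the data each Service Provider is entitled to) is the part of the flow that most directly protects users, so here is a small model of it. This is an added example, not code from the Shibboleth project: in a real deployment the policy lives in the IdP's attribute-filter configuration, whereas this script models the same default-deny logic in plain Python. The entityIDs, attribute names and user values are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: attributes collected for one user from the
# organization's directory (the "collect user data" step above).
USER_ATTRIBUTES = {
    "eduPersonPrincipalName": ["alice@example.edu"],
    "mail": ["alice@example.edu"],
    "displayName": ["Alice Example"],
    "eduPersonAffiliation": ["member", "staff", "student"],
    "employeeNumber": ["100042"],
}


@dataclass
class ReleasePolicy:
    """What one requesting Service Provider may receive.

    `permitted` maps an attribute name to the set of values that may be
    released for it, or to None when any value of that attribute is allowed.
    """
    requester: str                                  # SAML entityID of the Service Provider
    permitted: dict = field(default_factory=dict)   # attribute name -> allowed values or None


def apply_policies(policies, requester, attributes):
    """Return only the attributes and values released to `requester`.

    Default-deny: a requester with no matching policy gets nothing, and an
    attribute that no policy mentions is never released. Several policies
    for the same requester are additive.
    """
    released = {}
    for policy in policies:
        if policy.requester != requester:
            continue
        for name, allowed in policy.permitted.items():
            values = attributes.get(name, [])
            if allowed is not None:
                # Value-level filtering: e.g. tell a service the user is a
                # "member" without revealing every affiliation on file.
                values = [v for v in values if v in allowed]
            if values:
                bucket = released.setdefault(name, [])
                for v in values:
                    if v not in bucket:
                        bucket.append(v)
    return released


# Constructed policies for two hypothetical Service Providers.
POLICIES = [
    ReleasePolicy(
        "https://library.example.org/sp",
        {"eduPersonPrincipalName": None,
         "eduPersonAffiliation": {"member", "student"}},
    ),
    ReleasePolicy(
        "https://hr.example.edu/sp",
        {"employeeNumber": None, "mail": None, "displayName": None},
    ),
]


if __name__ == "__main__":
    for sp in ("https://library.example.org/sp",
               "https://hr.example.edu/sp",
               "https://unknown.example.net/sp"):
        print(sp, "->", apply_policies(POLICIES, sp, USER_ATTRIBUTES))
```

The library service receives the principal name and a reduced affiliation list, the HR service receives identifying data but no affiliations, and a requester that appears in no policy receives nothing at all. That default-deny shape is what to check for in any attribute-release configuration: the absence of a rule should mean the absence of data.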
Key Features
- Out-of-the-box support for LDAP, Kerberos, web-server-based and servlet-container-based authentication systems
- Out-of-the-box support for reading user data from LDAP directories and relational databases (no special schemas required) and for performing simple or complex transformations on the acquired data
- Support for releasing only the data you choose, only to the parties you choose, and making sure it gets there securely
- Excellent scaling: a single instance handles millions of authentications a day and communicates with thousands of different Service Providers at very low administrative cost
- Works with all other known SAML implementations
- Public, documented APIs, in case you need to extend the software to integrate more fully with your custom services
