May 3, 2011

Shibboleth identity provider

We (at openTrends) recently finished a project about installing an identity provider (IDP) based on Shibboleth. It was not an easy one but we succeeded!

The most difficult part was managing all the configuration files. Certificates are stored in multiple files and that makes it difficult to configure and maintain.

We connected that identity provider to a CAS (Central Authentication System) that the organization already had installed and then to different Service Providers, that is, web applications that we wanted to get access to:

  • Google Apps
  • MetaLib

Though Shibboleth looks complicated, it is being used, especially in the US. Alternatives are simpleSAMLphp and OpenSSO, both SAML compliant.

Installing and maintaining an identity provider is not an easy task. It needs to be monitored, upgraded, clustered, ... and it is a very important piece of the infrastructure. That is why Identity as a Service (IDaaS) can be a very good solution.
