Project Resources Wiki

Project Overview

TIER architects, Internet2, and Unicon are working together to develop a GUI tool for the Shibboleth IdP that has an initial focus on managing metadata and metadata filters (using entity attributes). The project began in the fall of 2017 and has already produced several intermediate releases for review and testing.

A key reason that many members of Internet2/InCommon use the Shibboleth IdP is its ability to leverage metadata, including large metadata aggregates such as InCommon's, to support large-scale multilateral federated identity. As part of the next release of the Shibboleth IdP, version 3.4, the Shibboleth development team, in conjunction with TIER, is expanding the range of IdP behaviors and settings that can be controlled through metadata, in particular by adding support for entity attributes that can trigger various relying party override settings. The Shibboleth IdP already supports attribute release (filter) rules that are triggered by entity attribute settings, and other settings (such as NameID ones) can be similarly "activated".

The current Shibboleth GUI test release allows one to create SP metadata files from "scratch", or import metadata for an SP from a file or URL, and add entity attributes to that metadata that can impact relying party settings such as required authentication context, what is signed, signature algorithm, encryption, etc. If one adds the right template into the attribute-filter.xml file, the UI also allows one to manage what attributes are released to that SP.

The current work on the Shibboleth UI is now focused on allowing one to similarly add entity attributes to specific SPs from the InCommon metadata aggregate, by creating metadata filters that will "annotate" that core InCommon-provided SP metadata. Through those filters, aspects of the IdP's behavior, and how and what is contained within the SAML response to a given SP, can be managed through the UI.
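The annotation idea described above, sketched as an added example (not code from the Shibboleth UI or the IdP): a Python function that adds an entity attribute to selected SPs in a metadata aggregate and leaves all others untouched. The aggregate is constructed, the entityIDs are placeholders, and the REFEDS research-and-scholarship entity category is used only as an illustrative tag.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample aggregate (entityIDs are placeholders, not real InCommon SPs).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def q(prefix, tag):
    """Qualified ElementTree name for prefix:tag."""
    return "{%s}%s" % (NS[prefix], tag)

def annotate(metadata_xml, entity_ids, name, value):
    """Tag the listed entities with an entity attribute; return (xml, changed_ids)."""
    root = ET.fromstring(metadata_xml)
    changed = []
    for ent in root.iter(q("md", "EntityDescriptor")):
        if ent.get("entityID") not in entity_ids:
            continue  # only explicitly selected SPs are annotated
        ext = ent.find(q("md", "Extensions"))
        if ext is None:
            ext = ET.Element(q("md", "Extensions"))
            ent.insert(0, ext)  # Extensions must precede the role descriptors
        attrs = ext.find(q("mdattr", "EntityAttributes"))
        if attrs is None:
            attrs = ET.SubElement(ext, q("mdattr", "EntityAttributes"))
        attr = next((a for a in attrs.findall(q("saml", "Attribute"))
                     if a.get("Name") == name), None)
        if attr is None:
            attr = ET.SubElement(attrs, q("saml", "Attribute"),
                                 Name=name, NameFormat=URI_FORMAT)
        if value not in [v.text for v in attr.findall(q("saml", "AttributeValue"))]:
            ET.SubElement(attr, q("saml", "AttributeValue")).text = value
            changed.append(ent.get("entityID"))
    return ET.tostring(root, encoding="unicode"), changed

if __name__ == "__main__":
    xml, changed = annotate(SAMPLE, {"https://sp1.example.org/shibboleth"},
                            "http://macedir.org/entity-category",
                            "http://refeds.org/category/research-and-scholarship")
    print(changed, xml, sep="\n")
```

An attribute added this way is a local assertion by the IdP operator, not something the federation's signature over the aggregate covers, so the list of annotated entityIDs deserves the same review as any other release policy change.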

Further iterations of the Shibboleth UI are planned throughout 2018, which will continue to expand on the range of metadata source and filter types supported through the UI, and allow defining and managing custom entity attributes. How the UI expands beyond that is a conversation for the community to have as this work moves forward.

Additional resources

Shibboleth Metadata Management GUI - Requirements

