Child pages
  • Shibboleth Workshop: University of Maryland, Baltimore County (April 30 - May 1, 2019)
Skip to end of metadata
Go to start of metadata

InCommon Shibboleth Workshop: Making it Easier to Federate

University of Maryland, Baltimore County
Seminar Room at the UMBC Technology Center / South Campus
1450 S. Rolling Road #1 Halethorpe, MD 21227

April 30 - May 1, 2019
9:00 am - 5:00 pm (ET)

Registration is Open.

Training Overview

Looking to deploy InCommon-ready Shibboleth Service and Identity Providers in a way that’s easy to install and manage? Want first-hand experience with the world of containers and how they can make your life easier? Plan to join us for the next InCommon Shibboleth Installation Workshop. If you are familiar with previous workshops you will find some exciting differences, so please read on.

This two-day session will focus on the InCommon Trusted Access Platform packaged software (formerly known as TIER) --  including installation and configuration. Both the Identity and Service Provider packages can be pre-configured to integrate out of the box with the InCommon Federation using recommended defaults.

Thinking about modernizing your operations? Join us and learn about the DevOps approach to managing your development and operations and how you can use the Docker containerized version of the software to streamline your work load. All of the training is done in a virtual machine (VM) environment, so you won’t need to know the details about containers.

A more-detailed look at the curriculum is at the end of this page.

Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help 

  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40

The workshops will offer the chance to:

  • Install a prototype Shibboleth identity and service provider in a virtual machine environment

  • Gain experience with the Docker container version of the Shibboleth IdP

  • Discuss how to configure and run the software in production

  • We will also discuss integration with other identity management components

Knowledge of identity management concepts and related implementation experience is strongly recommended.

Directions and Parking

From I-95, take Exit 47B, Route 166 North past the entrance to UMBC and toward Rolling Road. Follow to Route 166 South toward Arbutus. Go a half mile and make your first right onto Gun Road. The road immediately forks. Take the left fork and proceed a half mile to the entrance.

From UMBC main campus: take Hilltop Circle to Hilltop Road and Wilkens Avenue. Turn left and proceed to Route 166 South toward Arbutus. Make a right onto Gun Road. The road immediately forks. Take the left fork and proceed a half mile to the entrance.

Please note that there is free parking available in the South Campus parking lot. View accessible routes, parking and building entrances here.  Additional maps of the campus can be found here.

Hotel Accommodations

Property*PhoneDistance to CampusUMBC Nightly Rate
Fairfield Inn & Suites by Marriott Arundel Mills(410) 694-95008.6 miles$109
Home 2 Suites by Hilton Arundel Mills(443) 960-40208.7 miles$119
Sheraton BWI Airport Hotel(443) 577-27214.2 miles$99
Staybridge Suites BWI Airport(410) 850-56664.1 miles$109/$119 Seasonal

*Many hotels at BWI Airport may offer reduced fixed rates for UMBC, however, because of fluctuating seasonal rates, we encourage travelers to check for hotel’s Best Available Rate offered at the time.

Transportation Options


UMBC is best served by the Baltimore Washington International Thurgood Marshall Airport (BWI), which is 7.4 miles from campus.

Mass Transportation

Bus service is available from downtown Baltimore. AMTRAK and MARC commuter trains serve the nearby BWI Rail Station.

Local bus service

UMBC Transportation Services

AMTRAK and MARC commuter trains serve nearby BWI Rail Station

Dining and Activities

  • BWI hotel business district offers a variety of chain restaurants including Chilis, Ruby Tuesday, Bob Evans, and Cracker Barrel.

  • Local award-winning Baltimore seafood restaurant, G&M Restaurant and Lounge, is minutes from all BWI hotels serving delicious crab cake, steaks, desserts & more.

  • If looking for a local fine dining experience guests are encouraged to visit the Elkridge Furnace Inn, also minutes from BWI hotel district.

  • Guests will also be a short driving distance away from Baltimore’s Downtown Inner Harbor, Arundel Mills Mall & Casino  – both of which offer many restaurant choices and things to do.


In late April - early May, Maryland is likely to see occasional rain and sees temperatures ranging between 60-75 degrees, usually not dropping below 45 degrees or exceeding 85 degrees.

Before You Arrive

Read and follow the preparation instructions:

    1. Windows operating system
    2. Linux operating system

We use VMs hosted on Amazon Web Services - these will be available the day of the class, so there is nothing you need download ahead of time.

Please note that the training requires you to bring a laptop.

  1. You will need to have either an RDP client (for Windows) or SSH client (for Linux), plus root access to modify your etc/host files, depending on your choice of operating system for this class.

  2. The training makes use of Virtual Machines (VMs), in this case derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of the training.

  3. You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.

  4. Your VM will be available during the training and for two weeks after the training. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.

Curriculum Outline

  1. DevOps, Docker and Internet2 packaged software (overview/background)

  2. Internet2's Packaged Shibboleth IdP Training (

    1. Planning Your IdP Service

      1. Authentication, attributes, LDAP, containers

    2. The Internet2 Packaged Shibboleth Docker IdP (see details on the wiki)

      1. The IdP Container

      2. Deploying the container

      3. Container Lifecycle

      4. Build a Docker image

      5. Build your config

        1. Understanding configuration files and options

      6. Run the container

    3. Making configuration changes

    4. Troubleshooting

  3. A word about the InCommon-ready configuration and InCommon Baseline Expectations

  4. Advanced IdP Tasks

    1. Customizing the login page

    2. IdP-Initiated SSO
    3. Advanced Attribute Filter Policies

    4. Scripted Attributes

    5. Deliberate Failure

  5. SP installation and configuration (use Internet2 packaged container) 

    1. Reinforce key concepts about DevOps, containers, Internet2 packaged software
    2. Federated identity, SSO, and attributes
    3. Understanding the Shibboleth SP

    4. Authentication process - attributes, assertions

    5. How applications see and use information

    6. The SP container - creation and deployment

    7. Simple resource protection

    8. Application integration - more art than science

  6. Advanced Discussion Topics

    1. Dealing with XML

    2. SAML proxies

    3. Per-entity metadata

    4. Discovery services

    5. Error handling

    6. Scopes, attributes, and metadata filtering

    7. Working/dealing with vendors 

Agenda Outline

Tuesday and Wednesday, April 30 - May 1, 2019

NOTE: All times are Eastern Daylight Time



8:30 a.m.

Check-in opens

9:00 - 10:30 a.m.

Welcome, Introductions, Background, Begin install

10:30 - 10:45 a.m.


10:45 a.m. - Noon


Noon - 1:00 p.m.


1:00 - 3:00 p.m.


3:00 - 3:15 p.m.


3:15 - 5:00 p.m.


5:00 p.m.

Workshop Ends

Participant Consent

Any person who attends an Internet2 event or workshop grants permission to Internet2 to use and publish his or her image or likeness collected in connection with the event for any usual and customary purpose of Internet2, including promotion of Internet2 and its programs.

As part of this event, participants in this conference may be videotaped, audiotaped, or otherwise recorded, and this footage may be edited, streamed, archived, broadcast, and otherwise retained by Internet2 or made available to the public. By participating in this conference, Participant consents to Internet2 performing these actions, and agrees to hold harmless Internet2 and its affiliates, members, trustees, agents, officers, contractors, volunteers, and employees against any and all legal claims arising out of, by reason of, or caused by the performance of these actions or other use or distribution of any footage.

  • No labels