- Free and open-source software provided by Internet2.
- A middleware project used for federated identity-based authentication.
- The Shibboleth System is a standards-based, open-source software package for web single sign-on across or within organizational boundaries.
- It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
- Shibboleth can be installed on a virtual machine as well and is not resource intensive.
- Learn more about Shibboleth! Visit www.shibboleth.net
Steps to integrate NJVID with your Enterprise directory (LDAP/AD)
- Install Shibboleth Identity Provider (see installation guides for Linux and Windows)
- Configure the Shibboleth Identity Provider to be added to our Federation (see Section A below, "Add information on NJTrust to your Identity Provider").
- Configure the Shibboleth Identity Provider to release the required Shibboleth attributes to our Service Provider (see Section B, "Required Shibboleth Attributes", and Section C, "Releasing attributes to NJVID").
- Once installed and configured, verify that your Shibboleth Identity Provider can communicate with our Service Provider by visiting www.njvid.net/dlr/shibinfo.php and logging in with your userid/username. Send an email to firstname.lastname@example.org with the contents of the page if you want us to confirm that you are sending the right attributes.
Assistance for NJEDge members
If you need assistance with Shibboleth installation at your institution, please contact us at email@example.com. Our support team will guide and assist you in the set-up process.
A. Add information on NJTrust to your Identity Provider
Here is the declaration needed for an Identity Provider to use our metadata with Shibboleth 2. This allows your Identity Provider to work with services described in our metadata:
B. Required Shibboleth Attributes
- eduPersonScopedAffiliation [example: firstname.lastname@example.org] The role 'member' MUST be assigned for all users that are active users in the learning community [i.e. faculty, students, staff]. Some institutions assign email@example.com as the role for all of their users.
- eduPersonPrincipalName [usually the userID or netID, example: firstname.lastname@example.org].
C. Releasing attributes to NJVID
You will also need to configure your IdP to release attributes to our federation. In your attribute-filter.xml add a PolicyRequirementRule:
Then make sure you restart your Java servlet.
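One way to check an attribute-filter.xml before restarting, as an added example (not NJVID's or the Shibboleth project's own code): it parses a Shibboleth 2 filter policy and reports which of the two required attributes are missing and which extra attributes would be released to the federation. The embedded policy is constructed sample input; the groupID is a placeholder, the "mail" rule is there only to show an over-release finding, and the attribute IDs are assumed to match those defined in your attribute-resolver.xml.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"            # Shibboleth 2 attribute filter namespace
XSI = "http://www.w3.org/2001/XMLSchema-instance"
REQUIRED = {"eduPersonScopedAffiliation", "eduPersonPrincipalName"}

# Constructed sample policy; the groupID is a placeholder, not the federation's real value.
SAMPLE_FILTER = """\
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy id="releaseToFederation">
    <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup"
        groupID="FEDERATION-GROUP-ID-PLACEHOLDER"/>
    <afp:AttributeRule attributeID="eduPersonScopedAffiliation">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="eduPersonPrincipalName">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="mail">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
"""

def audit_filter(xml_text, group_id):
    """Return (missing, extra) attribute IDs for policies scoped to group_id."""
    root = ET.fromstring(xml_text)
    released = set()
    for policy in root.iter(f"{{{AFP}}}AttributeFilterPolicy"):
        rule = policy.find(f"{{{AFP}}}PolicyRequirementRule")
        # Only count policies whose requirement rule targets this entity group.
        if rule is None or rule.get("groupID") != group_id:
            continue
        if not rule.get(f"{{{XSI}}}type", "").endswith(":AttributeRequesterInEntityGroup"):
            continue
        for attr in policy.findall(f"{{{AFP}}}AttributeRule"):
            if attr.find(f"{{{AFP}}}PermitValueRule") is not None:
                released.add(attr.get("attributeID"))
    return REQUIRED - released, released - REQUIRED

if __name__ == "__main__":
    missing, extra = audit_filter(SAMPLE_FILTER, "FEDERATION-GROUP-ID-PLACEHOLDER")
    print("missing:", sorted(missing), "extra:", sorted(extra))
```

An empty "missing" set means both required attributes are released; anything in "extra" is data leaving your IdP that the Service Provider did not ask for.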