Overview: How it Works
Shibboleth consists of a Daemon plus an apache module. This Apache module must be configured for Shibboleth to intercept certain requests. When a request is intercepted, Shibboleth will decide whether the user (1) needs to login at the configured idP (which will present a login form to the user), or (2) is already logged in (and Shibboleth will let the request be served as if it wasn't there to intercept it)
<SSO entityID="https://idp.example.org/idp/shibboleth"
> discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
becomes:
<SSO entityID="http://sso.med.harvard.edu/adfs/services/trust">
< SAML2
Installation Layout
apache
Shibboleth
tomcat
Configuration
- Accessing data received from the idP (Request Headers)
shibboleth2.xml
attribute-map.xml
sp.conf
Developer tools
- SAML
Serving Metadata
Certificate
Appendix: a Decent Book