This appendix is designed to guide system admins installing Single-Sign-On (SSO) for Shrine (using Shibboleth).

Very Basic Overview of SSO

IdP (Identity Provider): A web-based system that can authenticate a user on behalf of another system called a SP (for Service Provider).

In this implementation of SSO, the SP consists of the Shibboleth SP version 3 software. See https://shibboleth.atlassian.net/wiki/spaces/SP3/overview .

Upon successful login at the IdP, the IdP will send information about the user back to the SP as "attributes".

Among other things, The SP must be configured to specify which of these attributes should be passed to the shrine code (in the form of HTTP servlet request attributes and/or headers).

Shibboleth config Documentation

This is not required reading, but if you want to jump in depth, this is the official Shibboleth configuration documentation

https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335529/GettingStarted

Developer tools

A Decent Book on SAML

Next Step: 

SHRINE 4.0.0 Appendix A.1 - Installing the Software Stack