Overview: How it Works

Shibboleth consists of a Daemon plus an apache module. This Apache module must be configured for Shibboleth to intercept certain requests. When a request is intercepted, Shibboleth will decide whether the user (1) needs to login at the configured idP

<SSO entityID="https://idp.example.org/idp/shibboleth"
> discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">

becomes:

<SSO entityID="http://sso.med.harvard.edu/adfs/services/trust">
< SAML2

Installation Layout

apache

Shibboleth

tomcat

Configuration

• Accessing data received from the idP (Request Headers)

shibboleth2.xml

attribute-map.xml

sp.conf

Developer tools

• SAML 

Serving Metadata

Certificate

Appendix: a Decent Book