Explorations into UMN Shibboleth Auth - Part 1: Overview
Background and Goals
UMN is transitioning from Central Authentication Hub (CAH) into using Shibboleth for authentication of protected web pages and applications. Here are brief notes about my attempts to implement Shibboleth on Ubuntu 9.10. The goal of these explorations is to eventually be able to accomplish the following:
- Protect a directory on a webserver with Shibboleth
- Restrict the content to only a subset of authenticated users
- Create a form and protect it with Shibboleth authentication
- Automatically populate some publicly available information (name, email etc) after a successful authentication
- Integrate Shibboleth with Contao CMS member login
- Create a new member on Contao after a successful authentication with Shibboleth.
- Automatically populate some publicly available information with a form in Contao after a successful authentication with Shibboleth.
When reading documentation about Shibboleth, there are two acronyms that are being used -- Shibboleth Service Provider (SP) and Shibboleth Identity Provider (IdP). Often the Shibboleth documentation talks about both of these on the same page even though they are completely different animals. The Shibboleth SP is the client that is using the IdP for authentication. I learned that I can safely ignore information about configuring and IdP since that is already provided to me by the UMN Identity Management team. The information that I need to read is under Shibboleth SP.
Up next: Installing Shibboleth SP on Ubuntu OS