• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

Shibboleth Component

What function does the Shibboleth downloadable "SP Component" perform.  

Can it be called by the web service to validate the incoming token?

Anthony Lucia
Anthony Lucia
1 Solution
btanExec ConsultantCommented:
Shibboleth wiki has wealth of info and specific to SP, its details as below and is installed in web server to provide as gateway to protected resource that required user to be authenticated via the agreed IdP. No diff from the SP understanding ...

It can be called by webservices or sometimes (and I see it) as web application
The SP software calls a grouping of resources that are meant to be accessed as a unit an "application". This term is used in a precise way and doesn't necessarily refer to something you would actually draw a line around as a "web application", although certainly it can and often does. An application defined to the SP software has a number of important qualities..

Any two resources protected by the same physical SP software (or a cluster) can be aggregated into an application. They don't have to live in the same directory or even the same virtual host. Of course, it's common for that to be the case, and generally a good idea, for obvious reasons. But it's not a technical limitation.

The meat of the software configuration is divided across two sections of the shibboleth2.xml file: the <RequestMapper> and the <ApplicationDefaults> elements. In the case of Apache, the former is generally omitted in favor of Apache-specific commands.

How it All Fits Together (see the SP if you are intereted in its doing in quick brief sum up)
1. User Accesses Protected Resource
2. SP Determines IdP and Issues Authentication Request
3. User Authenticates to the IdP
4. IdP Issues Response to SP
5. Back to the SP
6. Back to the Protected Resource

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now