The UK Federation, Shibboleth and Microsoft Windows

Posted on Wednesday, 13 June 2007

The UK Access Management Federation for Education and Research uses the Security Assertion Markup Language (SAML) standards for the communication of authentication, entitlement and attribute information between member organisations. The SAML standards can be used in many different ways, allowing the implementation of different types of federated communities.

Shibboleth is an open source implementation of the SAML v1.1 specification which provides Web Single Sign On (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access to protected online resources in a privacy-preserving manner. Shibboleth is developed by Internet2, a consortium promoting advanced networking within the US research and education community.

While the UK federation does not preclude the use of other products, there exist significant challenges that limit the extent to which the UK federation can support software other than Shibboleth at the present time. This primarily reflects differences in how other products choose to realise the types of federation appropriate for their respective communities. Shibboleth, developed by the education and research community for the education and research community, is therefore the software recommended by the UK federation operator, JANET(UK), for use within the UK federation.

Given the requirement to support the diverse range of directory configurations present within the research and education community, the Shibboleth Identity Provider software sometimes requires a relatively complex manual configuration to integrate with an organisation's local directory environment. Due to the prevalence of Microsoft Windows Active Directory, an effort is underway to streamline the installation and configuration of Shibboleth specifically for that environment through the creation of an installer package. This will be made available to the community at no cost.

Member organisations, or potential member organisations, who are interested in testing or deploying the installer package should contact Louis Searchwell (louis.searchwell@ja.net) for further information. Edited by SteveGlover on 14 November 2007, at 02:49 PM