federated system, supporting secure access to resources across security domains. It is based on open standards, principally SAML.
- Identity provider (IdP)
- Service provider (SP)
- OpenID – https://wiki.shibboleth.net/confluence/display/SHIB2/IdP+OpenID
- SAML 2.0
Information about a user is sent from a home identity provider (IdP) to a service provider (SP) which prepares the information for protection of sensitive content and use by
1. User Accesses Protected Resource
2. SP Determines IdP and Issues Authentication Request
3. User Authenticates to the IdP
4. IdP Issues Response to SP
5. Back to the SP
6. Back to the Protected Resource
Application (Drupal etc.) –> Shibboleth –> sp –> idp –> (idp checks with ldap server) –> sp –> Application
———————- SSO ————————-
CAS integrated with Shibboleth:
1. If the user has already authenticated to CAS and has a valid CAS SSO session, the IDP will transparently perform the requested action, e.g. attribute release.
2. If the user does not have a valid CAS SSO session, the user will be redirected to CAS and must authenticate before the IDP proceeds with the requested action.
Application –> (CAS Authentication with ldap) –> Application
Application –> CAS –> sp –> idp –> idp Integrated with LDAP Server –> sp –> Application
Status of Installation:
The system encountered an error at Fri Mar 16 18:29:25 2012
To report this problem, please contact the site administrator at root@localhost.
Please include the following message in any email:
opensaml::saml2md::MetadataException at (https://geopc.local/secure)
Unable to locate metadata for identity provider (https://geopc.local/shibboleth)
The error log shows: WARN Shibboleth.SessionInitiator.SAML2 : unable to locate metadata for provider (https://geopc.local/shibboleth)
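The error above says the SP has no metadata entry for the entityID it was asked to use as its IdP. As an added example (not part of the original notes or of Shibboleth itself), this offline check classifies an entityID against a metadata document; the `example.org` metadata is constructed and `check_idp_metadata` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata (assumption), not taken from the installation on this page.
SAMPLE_METADATA = """\
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                           Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

def check_idp_metadata(metadata_xml, entity_id):
    """Diagnostic only: says whether entity_id is usable as a SAML 2.0 IdP.
    It does not verify the metadata signature."""
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so a lone <EntityDescriptor> document works too.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        if entity.get("entityID") != entity_id:
            continue
        for role in entity.findall(f"{{{MD}}}IDPSSODescriptor"):
            protocols = role.get("protocolSupportEnumeration", "").split()
            if SAML2_PROTOCOL in protocols:
                return "ok"
        return "entity-found-but-no-saml2-idp-role"
    return "entity-not-in-metadata"

if __name__ == "__main__":
    for eid in ("https://idp.example.org/idp/shibboleth", "https://geopc.local/shibboleth"):
        print(eid, "->", check_idp_metadata(SAMPLE_METADATA, eid))
```

Run it against the metadata file the SP is actually configured to load, passing the entityID exactly as it appears in the error message; entityID comparison is an exact string match.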