Shibboleth
- Provides inter-institutional AuthN and AuthZ
- Two Parts: Identity Provider, Service Provider
- Identity Provider
- Uses Java and Tomcat
- Uses Apache as web server
- Uses CUWebAuth to authenticate users with who have a Cornell NetID
- Uses Directory Server to get AuthZ information via LDAP and SSL
- Uses BindID and password to authenticate to Directory Server
- Configured to use with InCommon federation
- Service Provider
- Uses Apache
- Uses SSL
- Written in C/C++ with lots-o-libraries, such as ...
- libcurl
- log4cpp
- Xeces-C
- XML-Security-C
- OpenSAML
- CIT does not currently run a Service Provider, but examples of some Service Providers in the InCommon federation are these library vendors ...
- Identity Provider Machine info follows ...
- OS: Solaris 5.9 Cluster
- No automatic fail over
- But can be moved manually via scswitch commands
- No load balancing
- Machines are in server farm
- Two factor AuthN required for SSH login
- Production: 3 node cluster
- Shares node with some other IdM web apps
- Test: 2 node cluster
- Dev: 2 node cluster
{"serverDuration": 59, "requestCorrelationId": "0b6ca57a2c620ff8"}
