Resources

How-Tos

Once the Apache Shibboleth Module has been installed and configured, you can add Apache Auth directives to any appropriate content-control block (<Directory>, <Files>, <Location>) in your virtual host.
Shibboleth Overview
This page documents some of the most common issues and troubleshooting steps for Shibboleth integration.
These are some of the important concepts and terminology used when talking about SAML or Shibboleth.
Details about setting up a UMN site to be access-controlled by Shibboleth.
An Entity ID is something that you choose as an SP. This page should help you choose a good Entity ID for your Shibboleth configuration.
This page describes commonly-used attributes at the University of Minnesota.
The name(s) that should appear in directory search applications for this person.
Specifies the person's relationship(s) to the institution in broad categories.
Fully-qualified username but not necessarily the user’s published email address.
Contains telephone numbers (and, optionally, the parameters) for facsimile (fax) terminals.
The user’s first name; is based on the PreferredName from the individual’s PeopleSoft record, if present.
Specifies a home telephone number associated with the individual (e.g., +1 608 555 1212).
Specifies a home postal address for an individual (up to 6 lines of 30 characters each).
The user's middle initials (that is, not including the user’s given name and surname).
Boolean that indicates whether the user account is a guest.
The isMemberOf attribute contains a value for each group the user belongs to.
Contains a value for each of the user's email addresses.
Contains a person's primary campus affiliation.
Contains the canonical From address and is not necessarily the same as the DisplayMail address.
Contains the user’s primary forwarding e-mail address, which may or may not be the same as the DisplayMail address.
The user’s office/campus phone number.
The user’s office/campus phone number.
The title of a person in their organizational context.
User login name (e.g., user1234); it can be changed under certain circumstances at the University by a name change request from the user.
If the individual is enrolled in UMN courses, this attribute displays the type of degree program.
This is typically an on-campus work address, such as a healthcare provider’s clinic address.
The campus mail address of the individual, but not necessarily the location of the individual’s on-campus office.
The internal directory ID for a given user; an alternate unique identifier for an account.
The individual’s ‘official UMN’ email address is displayed in the directory.
The user’s Employee ID (or EmplID, StudentID in the case of students) from PeopleSoft.
The umnLibAccess attribute contains library access flags assigned to the user.
Describes the type of library access an individual has, which could include multiple types.
The individual’s primary campus address.
The individual’s Preferred Name from PeopleSoft without the incremental digit suffix.
Contains the user’s UMN Library Card Number.
User's classification at the University.
An alternate campus phone number.
The individual’s UCard number.
Information about Shibboleth Logout.
Information on configuring the Shibboleth SP XML file.
A single SAML entityID can be used for many different servers, both physical and virtual.
Sometimes you may want to retrieve additional attributes about the user after the user authenticates.
You will need to install a few things on your system to get Shibboleth working with Apache. This article goes over how to get Shibboleth working with Apache on Debian Systems.
Information about using Two-Factor Authentication with Shibboleth.

Resources

Initial Setup Process
The University of Minnesota operates a Shibboleth Identity Provider (IdP) for Single Sign-On (i.e.

Self-Help Guides

Learn about Shibboleth, an open-source single sign-on infrastructure, and how to install and configure it.