Shibboleth Workshop Series

Program Outline

Shibboleth Identity Provider Program

The following program provides a guide to the anticipated topics, but may be amended before the actual workshop.

Course 1 Basics of Installation and Operation of the Shibboleth Identity Provider

Section 1: Install

1. Task: Understand the model and the Big Picture
2. Task: Plan/Think/Decide
3. Task: Download/unzip the Shibboleth Identity Provider (IdP) software
4. Task: Prepare Java/Tomcat
5. Task: Install Shibboleth
6. Task: Test basic Shibboleth
7. Task: Register your IdP
8. Task: Understand the IdP’s configuration files and options
9. Task: Configure User Authentication
10. Task: Define/load a source of SAML metadata
11. Task: Configure User Attributes/Attribute Resolver
12. Task: Configure Attribute Release Policies

Section 2: Move to Production – Tips, Tuning & Things to Think About

13. LDAP versus LDAPs
14. Security/Hardening for your IdP
15. Monitoring
16. Logging configuration
17. Reporting
18. Configuration reloading
19. Authentication/Single Sign-On Window
20. Performance Tuning the Java VM
21. Handling Upgrades
22. Troubleshooting
23. Support Resources

Shibboleth Service Provider Program

The following program provides a guide to the anticipated topics, but may be amended before the actual workshop.

Course 2 Basics of Installation and Operation of the Shibboleth Service Provider

Section 1: Install

1. Task: Understand the Shibboleth SP
2. Task: Download the Shibboleth SP software
3. Task: Install the Shibboleth SP software on your web server
4. Task: Understand the files and directories of the SP
5. Task: Verify the status of your new Shibboleth SP

Section 2: Configure

6. Task: Get Started Overview
7. Task: Define the URLs which will utilize Shibboleth sessions
8. Task: Create your default SAML entity ID
9. Task: Adjust the homeURL parameter
10. Task: Configure the SP to require SSL for Shibboleth/SAML messages (optional, but recommended)
11. Task: Define/adjust the default SessionInitiator
12. Task: Define/Load a metadata source
13. Task: Set the administrator email address and customize the default error pages
14. Task: Adjust/configure the attribute-map.xml file
15. Task: Configure web server
16. Task: One Last Check...
17. Task: Provide your SAML metadata to a federation or IdP so that others can use your new SP

Section 3: Advance Topics

18. Authorization Access Control Lists
19. Application Override
20. Discovery Services
21. Attribute Filtering
22. Metadata Blacklisting
23. Logging
24. Clustering
25. Load Balancing
26. Reporting
27. Troubleshooting
28. Other topics: Attribute Aggregation, Dynamic Credential Loading, Delegation, and more.