NC State Shibboleth - Technical Documentation
Setting Up a Service Provider
If you are running your own web servers, you will need to install the Shibboleth Service Provider software on each of your servers where you want to use Shibboleth. These instructions should guide you in installing and testing a new SP.
- Planning For a New SP
- Install SP Software
- Configure the SP
- Register the SP
- Test the SP
- Advanced Configuration
For reference only: Older SP Install Docs
Using Shibboleth on an Existing Service Provider
If you are setting up an application or website on a service provider that is already configured to run a Shibboleth Service Provider, you should be able to configure Shibboleth through your .htaccess files.
Testing htaccess on a Hosted Server - How to verify that Shibboleth is setup and working on your hosted website.
Using .htaccess files - Guide to writing .htaccess files for Shibboleth.
Using Shibboleth with WordPress - Plugins you can use to enable Shibboleth logins in WordPress. Includes a couple links to solve common configuration problems.
Additional Reference Documentation
How Shibboleth Logins Work - Explains the steps taken when a user authenticates to a website using Shibboleth.
Shibboleth Timeouts - Explains the different timeout settings for the SPs and our IdP.
Shibboleth Logout - How to create a Logout link URL, how it will work, and the limitations of single logout.
Require Multifactor Access - Explains how to request and require the REFEDS MFA authorization context, to ensure that users on your site have logged-in with Duo 2FA.
Attributes Provided by NC State IdP - List of attributes and our release policies.
User Affiliations - Describes each of the affiliation values that are used by our Identity Provider.
Group Membership - Describes how Wolftech AD group memberships can be passed as an attribute by our Identity Provider.
Two-Factor Attributes - Explains how to use the attributes that indicate a user's enrollment and authentication with Duo.
How to load NCSU Federation Metadata - Explains one way to configure an SP to download and verify the NCSU Federation metadata.
Notes on SP Certificates - Describes problems that may arise from expired SP certificates and how to update them.
ColdFusion Support - Notes on issues specific to servers running ColdFusion and Shibboleth.
SP Configuration File Links
- Service Provider 3.x config files: (recommended, SP 3.4 is current)
- Sample 3.x shibboleth2.xml
- IIS Installs should use Sample 3.x IIS shibboleth2.xml
- Sample 3.x attribute-map.xml
- Service Provider 2.6.x config files: (obsolete, used for SP 2.6)
- Common federation files: