Federated Access - Shibboleth 1.3 to Shibboleth 2.x

Over the last few weeks we have been speaking to a number of institutions about Shibboleth 2.x implementation. Although this is being referred to as an upgrade, there is unfortunately no direct pathway. This means that in order to get Shibboleth 2.x running you need to completely re-install Shibboleth. Okay, that's the bad news out of the way. Fortunately our access management guys have been busy working on this for a while, and we have already implemented quite a few 2.x installs recently.

Reasons for moving over?

Well, firstly, support for Shibboleth 1.3 finishes on the 30th June 2010; after this there will be no more patches. Secondly, there are Shibboleth 2.x's new features:

SAML 2
SP control of authentication - Request authentication mechanism - Force re-authentication and Request passive authentication
Encryption of sensitive information
Persistent, opaque, name identifiers (handles)
Metadata improvements - Support for metadata retrieval in-process - Large metadata file support

And more…

The Solution

Our professional services team has put a comprehensive package together for this solution which will deliver the following: 

Installation of Shibboleth 2.x IdP

Enabling v2.x to have the same entityID as v1.3

Change the federation metadata to refer to the new IdP

Implement a mechanism which allows a rolling upgrade of federation metadata (i.e. when the service moves from the old IdP to the new)

Extend the above by running multiple IdPs (for availability) and using SSO techniques to remove the extra login screens

Provide change documentation.

We also offer additional Shibboleth support packages for Shibboleth 1.3 and 2.x. If you are already an existing support customer we can add Shibboleth support at a discounted price.

Next Step?

If you are interested in moving over to Shibboleth 2.x, please call us on 0161 906 2233 or email me at david.poole@salfordsoftware.co.uk. Alternatively, if you prefer, please speak to your account manager. All enquiries are welcome.