Does anyone on the list have experience setting up and running Shibboleth? I've heard that it is hard to setup and difficult to scale, but it sounded more like rumor to me. Anyone have thoughts or comments?
Forum info: http://www.activedir.org
Problems unsubscribing? Email admin@xxxxxxxxxxxxxxxx
Experience with Shibboleth?
- 131 Views
- Last Post 21 October 2016
Specifically the IdP, but the SP plugins are interesting too.
Shibboleth the IdP or Shibboleth's service provider plugin for IIS or Apache or?
I've used the Shib SP for IIS multiple times. It is pretty simple. We run the IdP here but another group manages that. They have 5 virtual Linux servers load balanced for 6 figure logins per day with many reauths in between. We also do MFA through the Shib IdP but are in the process of changing token vendors. Shib/SAML supports step-up auth which is a really nice feature.
The Shib team has released new installers that are designed to simplify the process and I believe there are also containerized versions of the tools. The https://shibboleth.net website has the details.