
Introduction

Shibboleth is a single sign-on (SSO) service. The system is made up of three parts:

  • The Identity Provider (IdP) is responsible for user authentication and providing user information to the Service Provider (SP). It is located at the home organization, which is the organization that maintains the user's account.
  • The Service Provider (SP) is responsible for protecting an online resource and consuming information from the Identity Provider (IdP). It is located at the resource organization.
  • The Discovery Service (DS) helps the Service Provider (SP) discover the user's Identity Provider (IdP). It may be located anywhere on the web and is not required in all cases.

Basic Interaction

  1. The SP detects the user attempting to access restricted content within the resource.
  2. The SP generates an authentication request, then sends the request, and the user, to the user's IdP.
  3. The IdP authenticates the user, then sends the authentication response, and the user, back to the SP.
  4. The SP verifies the IdP's response and sends the request through to the resource which returns the originally requested content.
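Steps 2 and 4 from the SP's side, as an added example that is not part of the original guide or of Shibboleth's own code. It assumes the messages are SAML 2.0 and that the request uses the HTTP-Redirect binding; the entity IDs, the IdP URL and all function names are hypothetical, and the IdP response is a constructed, unsigned sample.

```python
import base64, secrets, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ID = "https://sp.example.org/shibboleth"             # assumed SP entityID
IDP_ID = "https://idp.example.edu/idp/shibboleth"       # assumed IdP entityID
IDP_SSO_URL = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"  # assumed
XMLNS = f'xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
pending = set()  # IDs of requests this SP issued and has not yet seen answered

def build_redirect(now):
    """Step 2: build an AuthnRequest and the URL that sends the user to the IdP."""
    req_id = "_" + secrets.token_hex(16)
    xml = (f'<samlp:AuthnRequest {XMLNS} ID="{req_id}" Version="2.0" '
           f'IssueInstant="{now:%Y-%m-%dT%H:%M:%SZ}" Destination="{IDP_SSO_URL}">'
           f'<saml:Issuer>{SP_ID}</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)  # HTTP-Redirect binding uses raw DEFLATE
    raw = deflater.compress(xml.encode()) + deflater.flush()
    pending.add(req_id)
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode()})
    return req_id, f"{IDP_SSO_URL}?{query}"

def sample_response(in_response_to, audience, not_on_or_after):
    """Constructed, unsigned stand-in for the IdP's step 3 response."""
    return (f'<samlp:Response {XMLNS} ID="_r1" Version="2.0" '
            f'InResponseTo="{in_response_to}"><saml:Issuer>{IDP_ID}</saml:Issuer>'
            f'<saml:Assertion><saml:Conditions NotOnOrAfter="{not_on_or_after}">'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
            f'</samlp:Response>')

def check_response(response_xml, now):
    """Step 4 checks; signature validation is assumed done first and is not shown."""
    root = ET.fromstring(response_xml)  # a real SP needs a hardened XML parser
    errors = []
    irt = root.get("InResponseTo")
    if irt not in pending:
        errors.append("InResponseTo does not match a pending request")
    pending.discard(irt)  # single use, so a replayed response is rejected
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ID:
        errors.append("unexpected issuer")
    if root.findtext(".//saml:Audience", namespaces=NS) != SP_ID:
        errors.append("audience is not this SP")
    cond = root.find(".//saml:Conditions", NS)
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        errors.append("assertion expired")
    return errors
```

An empty list from `check_response` means only that these binding checks passed; the SP still has to validate the XML signature against the IdP's metadata key before trusting any field.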

To install Shibboleth version 3 on Ubuntu you have to build it from source. The rest of this document is a guide to building Shibboleth.