Shibboleth Identity Provider (IdP) Shibboleth Service Provider (SP)

(IdP is a J2EE app) (shibd daemon maintains state)

(mod_shib gets attributes from

shibd and protects web apps)

Access to protected service (web app) is controlled by shib gatekeeper

Active Directory Server

Obligatory Geek Diagram – SimplifiedObligatory Geek Diagram – Simplified

Student is at Starbucks

IdP is at his

school

Protected Web Service is at a

university

IdP/SP communication via SAML attributes exchanged through the browser session

2

NCTrust IdP Hosting ModelsNCTrust IdP Hosting Models

Locally