Welcome to GridShib!
GridShib is an NSF-funded project to integrate Globus Toolkit® and Shibboleth®. Visit the GridShib web site (http://gridshib.globus.org/) for background information about the GridShib Project.
GridShib distributes four software components:
With both GridShib for Globus Toolkit and GridShib for Shibboleth installed, Globus Toolkit may securely request attributes from the Attribute Authority component of a Shibboleth Identity Provider. Visit the GridShib web site for more information about these and other GridShib software components.
This is the readme document for GridShib SAML Tools. The SAML Tools bind arbitrary content to a non-critical extension of an X.509 proxy certificate. In particular, the SAML Tools issue or request SAML assertions and optionally bind these assertions to X.509 proxy certificates.
Important features of the GridShib SAML Tools include:
The GridShib SAML Tools consist of the following subcomponents:
The SAML Security Info Tool inspects a Globus credential for bound SAML content. It takes a path to a Globus credential on the command line and prints the SAML security information contained in that credential.
The X.509 Binding Tool is a general tool for binding arbitrary content to a non-critical extension of an X.509 proxy certificate. Examples of such content include a SAML assertion, an XACML policy, or any other DER-encoded content provided in ASN.1 format.
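As an added illustration (not GridShib code), the sketch below shows the DER layout of a non-critical X.509 extension carrying bound content and how an inspecting tool recovers it: RFC 5280 defines `critical` as BOOLEAN DEFAULT FALSE, so a non-critical extension omits the flag, and a relying party that does not recognize the extension may ignore it. The OID `2.999.1` and the UTF8String wrapping of the sample assertion are assumptions, not values taken from GridShib.

```python
OID = "2.999.1"  # constructed placeholder under the example arc, not GridShib's OID

def tlv(tag, value):
    """Encode one DER tag-length-value; lengths of 128+ bytes use the long form."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def base128(n):
    out = [n & 0x7F]
    while n := n >> 7:
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    subs = [40 * arcs[0] + arcs[1]] + arcs[2:]
    return tlv(0x06, b"".join(base128(s) for s in subs))

def encode_extension(oid, der_content, critical=False):
    # RFC 5280: critical is BOOLEAN DEFAULT FALSE, so DER omits it when non-critical
    flag = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, encode_oid(oid) + flag + tlv(0x04, der_content))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject a length that runs past the buffer."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_extension(der):
    """Return (oid_bytes, critical, content); an absent BOOLEAN means non-critical."""
    seq_tag, seq, _ = read_tlv(der, 0)
    tag, oid_body, pos = read_tlv(seq, 0)
    tag2, value, pos = read_tlv(seq, pos)
    critical = tag2 == 0x01 and value != b"\x00"
    if tag2 == 0x01:
        tag2, value, pos = read_tlv(seq, pos)
    if (seq_tag, tag, tag2) != (0x30, 0x06, 0x04):
        raise ValueError("malformed Extension")
    return oid_body, critical, value

# Constructed sample: stub SAML 1.1 assertion, wrapped as a DER UTF8String (assumed)
ASSERTION = b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"/>'
BOUND = encode_extension(OID, tlv(0x0C, ASSERTION))
```

Decoding `BOUND` returns the OID bytes, `False` for criticality, and the wrapped assertion; the bound content is only as trustworthy as the signature on the certificate that carries it.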
The SAML Assertion Issuer Tool self-issues a SAML assertion and optionally binds this assertion to an X.509 proxy certificate. The assertion can include up to two statements (an AuthenticationStatement and/or an AttributeStatement). A significant feature of this tool is its ability to leverage a fully configured Shibboleth attribute resolver (to be bundled with a later version of this software).
The SAML Query Client queries a SAML Attribute Authority (AA) for attributes. The Client validates the SAML Response and outputs the attribute assertion. Like the SAML Assertion Issuer Tool, the SAML Query Client optionally binds this assertion to an X.509 proxy certificate. (A fully integrated version of the SAML Query Client will be bundled with a later version of this software.)
GridShib Common is an API for Java developers, packaged as a JAR file and distributed with the SAML Tools. GridShib Common includes the GridShib Security Framework, an API for producing and consuming X.509-bound SAML tokens. Portal developers, for example, can use GridShib Common to introduce SAML into the portal's grid security infrastructure.
The Globus SAML Library is an enhanced version of OpenSAML 1.1. The Library supports the following OASIS Standards:
The Globus SAML Library also conforms to the OASIS Subject-based Profiles for SAML V1.1 Assertions.
GridShib is licensed under the Apache License, Version 2.0. Please review the licensing terms of the GridShib License before installing, using, or developing this software. Additional licensing information can be found on the GridShib Downloads page.
Globus Toolkit (http://www.globus.org/toolkit/) is an open-source toolkit for grid computing. Shibboleth (http://shibboleth.internet2.edu/) is an open-source implementation of the SAML browser profiles. Globus Toolkit® and Shibboleth® are registered trademarks of the University of Chicago and Internet2, respectively.