GridShib for Shibboleth2
Version 0.1.0 August 19, 2008

Welcome to GridShib!

GridShib is an NSF-funded project to allow interoperability between Globus Toolkit^® and Shibboleth.^® Visit the GridShib web site (http://gridshib.globus.org/) for more information about the GridShib Project.

GridShib distributes four software components:

1. GridShib for Globus Toolkit
2. GridShib for Shibboleth
3. GridShib Certificate Authority
4. GridShib SAML Tools

These software components help bridge the gap between SAML federations based on Shibboleth and Grid federations based on Globus Toolkit. Visit the GridShib Deployment Scenarios page to see how the various GridShib components might be used.

Overview

GridShib for Shibboleth2 is a set of software plugins for a Shibboleth 2.0 Identity Provider (IdP). In particular, GridShib for Shibboleth2 implements the OASIS SAML V2.0 Holder-of-Key Web Browser SSO Profile.

Important features of GridShib for Shibboleth2 include:

• Implements a holder-of-key web browser SSO handler for a Shibboleth 2.0 IdP
• Includes an HTTP user agent that requests a holder-of-key SAML assertion
• Provides an online demo application for testing and evaluation

Download

You can download the complete GridShib for Shibboleth2 software distribution from the GridShib Downloads page:

GridShib for Shibboleth Download

Download the software in GZIP or ZIP format, or browse the online CVS repository.
http://gridshib.globus.org/download.html#gridshib-idp

Please review the licensing terms of the GridShib License before using this software. GridShib is licensed under the Apache License, Version 2.0. Additional licensing information will be found on the GridShib Downloads page.

Documentation

Available documentation for GridShib for Shibboleth2 includes the following:

Protocol Overview and Proposed Architecture

An overview of the implemented protocol and the architecture of the implementation.
http://docs.google.com/View?docid=dhjm7gcs_6ghbmxbgd

How to Install and Configure the Shibboleth 2.0 Identity Provider

A set of instructions that supplement the TestShib IdP Installation Guide.
http://docs.google.com/Doc?id=dhjm7gcs_18c8dxx9g6

How to Install and Configure the Holder-of-Key SSO Profile Handler

Assuming a Shibboleth 2.0 IdP has already been installed and configured, this guide shows how to configure the GridShib Holder-of-Key Web Browser SSO handler in the IdP.
http://docs.google.com/Doc?id=dhjm7gcs_16f62mkvdr

How to Configure Holder-of-Key SSO Service for the User Agent

This guide shows how to configure the GridShib Holder-of-Key Web Browser SSO handler to talk to the supplied HTTP user agent.
http://docs.google.com/Doc?id=dhjm7gcs_19d2cr4kg9

How to Configure PKI Credentials for the User Agent

A set of instructions that show how to create and configure an X.509 credential for the HTTP user agent.
http://docs.google.com/Doc?id=dhjm7gcs_20hjm4xgsj

How to Install and Run the User Agent

This document shows how to run the HTTP user agent from the command line and how to embed it in a command-line application.
http://docs.google.com/Doc?id=dhjm7gcs_21gcbpd8hr

For illustration purposes, an online demo is provided. The demo issues a SAML AuthnRequest to a suitably configured IdP and displays the resulting SAML response in the browser window.

Globus Toolkit (http://www.globus.org/toolkit/) is an open-source toolkit for grid computing. Shibboleth (http://shibboleth.internet2.edu/) is an open-source implementation of the SAML browser profiles. Globus Toolkit^® and Shibboleth^® are registered trademarks of the University of Chicago and Internet2, respectively.