What is Shibboleth?

Shibboleth is a web-based software tool that supports single sign-on (SSO) between two applications or between two organizations. It is an open-source tool and is mainly used for Single Sign-On (SSO) using the SAML protocol. It cannot implement SSO with protocols such as OAuth or OpenID Connect.

It helps sites make informed authorization decisions for accessing protected resources and provides federated identity-based authentication and authorization that allows cross-domain Single Sign-On (SSO) and removes the need for access credentials.

The Shibboleth web-based Single Sign-On (SSO) system contains three components:

  • Identity Provider (IDP) – An identity provider (IDP) creates, maintains, and manages user identities and information. Identity Providers are responsible for user authentication and for providing the required user information to the Service Provider (SP).
  • Service Provider (SP) – The service provider (SP) receives authentication assertions from the Identity Provider and authenticates the user.
  • Discovery Service (DS) – It helps the Service Provider to discover the user’s Identity Provider. It may be located anywhere on the web and most of the time is not required.

Shibboleth SSO Workflow

The diagram below shows the common workflow of single sign-on (SSO) and the interaction between the User, the Identity Provider (IDP) and the Service Provider (SP).


[Diagram: Shibboleth SSO workflow]


Shibboleth SSO flow with miniOrange IDP

[Diagram: Shibboleth workflow]


The authentication process using the Identity Provider (IDP) takes place in the following steps:

  1. The user reaches a Service Provider (website) to access its resources.
  2. The Service Provider figures out the Identity Provider (IDP) with the help of the miniOrange discovery service and authenticates the user with the Identity Provider (IDP).
  3. The Identity Provider checks whether an active session exists; if it does not, it asks the user to enter the credentials, and the authentication request is sent to the IDP.
  4. The Identity Provider (IDP) sends an authentication response to the Service Provider (SP).
  5. After authenticating the user with the Identity Provider (IDP), the Service Provider (SP) grants access to the user.
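
Steps 4 and 5 hinge on what the SP checks in the authentication response before it grants access. The following is an added example, not code from Shibboleth or miniOrange: a sketch of those checks on a SAML 2.0 response, with constructed entity IDs, request ID and sample XML. It assumes the XML signature has already been verified, and requiring both validity timestamps is this example's own policy.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (hypothetical entity IDs). Signature omitted: a real SP verifies it first.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0" InResponseTo="_req123">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.org/shibboleth</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z", with or without milliseconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(xml_text, request_id, idp_entity_id, sp_entity_id, now):
    """Return (subject, errors); the SP grants access only if errors is empty."""
    root = ET.fromstring(xml_text)
    errors = []
    if root.get("InResponseTo") != request_id:
        errors.append("InResponseTo does not match the request the SP sent")
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        errors.append("IDP did not report success")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return None, errors + ["no assertion in response"]
    if assertion.findtext("a:Issuer", "", NS).strip() != idp_entity_id:
        errors.append("assertion issued by an unexpected IDP")
    cond = assertion.find("a:Conditions", NS)
    if cond is None:
        return None, errors + ["no Conditions element"]
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        errors.append("assertion missing or outside its validity window")
    audiences = [(a.text or "").strip() for a in cond.iterfind(".//a:Audience", NS)]
    if sp_entity_id not in audiences:
        errors.append("assertion not addressed to this SP")
    return assertion.findtext("a:Subject/a:NameID", None, NS), errors
```

`now` must be a timezone-aware UTC `datetime`; production deployments should rely on the SP software's own validation rather than hand-written checks.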

Limitations of Shibboleth

  1. Supports limited protocols such as SAML.
  2. Support and customization are not available because it is open-source, unlike other vendors who provide full support.
  3. It is more complex to set up and configure. The configuration is more involved.
  4. It only supports SAML 1 and SAML 2 and features up to Shibboleth 2.4 protocols.

Shibboleth Vs miniOrange IDP

| Feature | Shibboleth | miniOrange IDP |
|---|---|---|
| Multi-Protocol support | Supports only a few authentication protocols, like SAML 1 & SAML 2 | Fully supports all protocols for authentication. miniOrange supports SAML, SAML 2, JWT, OAuth, OpenID Connect, CAS and more. |
| Configuration & Setup | Requires a more complex setup and configuration. | Easy to set up and configure |
| Support | As it is open-source, limited support is provided. | miniOrange provides 24*7 active support. |
| Multiple SP and IDP support | It requires customization. | miniOrange can act as an Identity broker and support authentication for multiple apps & IDPs |

