The aim of Shibboleth protocol is mainly to relieve users within, for example, large public or private institutions such as universities, companies that have a variety of different applications or services that require authentication. Shibboleth protocol operates on the principle of single sign-on, which means that the user needs only one username and password to log in to all applications within an institution. In the first part, we will describe the research and concepts of the Shibboleth protocol and its links with other mechanisms, in particular with the mechanism single sign-on. The emphasis will be placed on SAML (Security Assertion Markup Language) protocol which Shibboleth is based on and referred to. We will also describe the operation of the IDP (identity provide), SP (service provider) and the steps that take part between them in the registration process.
In the second part of the thesis, we will describe the course of implementation and configuration of the prototype Shibboleth protocol on a local network based on Windows systems.
|