Location: Settings link in Settings > Site administration > Plugins > Authentication > Manage authentication
Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdP’s) supply user information, while service providers (SP’s) consume this information and gate access to secure content.
(Taken from Wikipedia, the free encyclopedia)
Configuring LMS to use Shibboleth
The README.txt file in the auth/shibboleth folder of your LMS distribution contains set-up instructions.
Shibboleth in the UK
In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign-on. This means that education establishments in the UK using LMS should be able to authenticate their users via Shibboleth IF their education organization joins the UK Access Management Federation and their users’ identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales, this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC).
Additional notes
Some IdPs will only share a minimal set of user fields with your LMS SP, which can cause problems:
- LMS errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin, and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
- LMS errors relating to invalid characters in username can be fixed by Allowing extended characters in usernames (found under Security > Site policies).