Shibboleth allows organizations to exchange information about users securely and privately. Shibboleth is a single sign-on system that authenticates visitors to a website by accessing information stored in the user's security domain. This permits users to access controlled information securely from anywhere without additional passwords or needlessly compromising privacy. For example, if a student is taking classes at two universities, and both schools use Shibboleth, the student may have a single username and password to access information at both universities' websites.

The Shibboleth provider shipped with Learn cannot be configured in isolation like the other providers: additional software must be installed on the Learn server, and additional configuration is required. This provider is considered a custom authentication provider. On Windows, you can install Shibboleth 2.x with the default IIS7. On UNIX systems, a Shibboleth authentication integration also requires Apache™ HTTP Server 2. Apache 1.3 is not compatible with Shibboleth 2.x.


Configure a Shibboleth provider

You need to create and configure a Shibboleth provider prior to installing the Shibboleth software on the Learn application servers.

  1. Optionally, set the:
    1. Attribute Source as Environment. The default is HTTP headers. This defines where Learn loads the Shibboleth attributes from. Apache (UNIX) typically provides attributes using environment variables, while IIS (Windows) provides them using HTTP headers.
    2. Shibboleth Spoof Key. The default is a randomly generated key. This key is a shared secret that ensures HTTP headers cannot be tampered with. Make a note of this key as you need it when configuring the Shibboleth software. You can set this property only if the Attribute Source property is set to HTTP headers.
  2. Provide the Logout URL. The default is /Shibboleth.sso/Logout. This represents the URL that users are redirected to when they select Logout within Learn. You may provide a URL that is relative to Learn or an absolute URL.
  3. Make a note of the Secure Location URL and Notification URL as these are needed when configuring the Shibboleth software.
  4. Select Submit to save the configuration.
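
The reason the Spoof Key applies only when the Attribute Source is HTTP headers can be shown in code. The following is an added example, not Learn's or Shibboleth's own code; the header name `X-Example-Spoof-Key`, the function `load_attributes` and the sample values are assumptions made for illustration.

```python
import hmac

# Hypothetical header name carrying the shared secret; the page does not name it.
SPOOF_HEADER = "X-Example-Spoof-Key"


class UntrustedRequest(Exception):
    """Raised when attribute headers cannot be tied to the Shibboleth module."""


def load_attributes(source, wanted, headers, environ, spoof_key=None):
    """Return {name: value} for the wanted attributes from the chosen source.

    source    -- "environment" or "headers" (the Attribute Source setting)
    headers   -- request headers; a client can send any of these itself
    environ   -- variables set by the web server module, not by the client
    spoof_key -- shared secret configured on both sides (headers mode only)
    """
    if source == "environment":
        # Client-supplied headers are never consulted in this mode.
        return {n: environ[n] for n in wanted if n in environ}
    if source != "headers":
        raise ValueError("unknown attribute source: %r" % source)
    if not spoof_key:
        raise UntrustedRequest("headers mode requires a spoof key")
    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(SPOOF_HEADER.lower(), "")
    # Constant-time comparison so the secret is not leaked through timing.
    if not hmac.compare_digest(presented.encode(), spoof_key.encode()):
        raise UntrustedRequest("spoof key missing or wrong")
    return {n: lowered[n.lower()] for n in wanted if n.lower() in lowered}


# Constructed sample requests.
KEY = "constructed-sample-key"
VIA_MODULE = {"X-Example-Spoof-Key": KEY, "eppn": "student@example.edu"}
DIRECT = {"eppn": "admin@example.edu"}  # reached the app without the key
```

In headers mode, a request that does not carry the shared secret is rejected before any attribute is read; in environment mode, request headers are ignored entirely, so no key is needed.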

If your Learn application servers run UNIX, you need to install and configure the Shibboleth software and Apache™ HTTP Server 2.x before making the new authentication provider Active. Once installed, select Test Connection Settings from the menu to confirm that the configuration works as expected.