BRISTOL, England, Dec. 11, 2019 – The Shibboleth Consortium, a non-profit organization that ensures the ongoing development, support and maintenance of one of the world’s most widely deployed federated identity solutions, announced today that it will now support and maintain the Shibboleth OpenID Connect (OIDC) extension that was developed specifically for the global research and education (R&E) community by the GÉANT (GN4-3) Project.
Shibboleth is an open-source project that provides a single sign-on software suite. The Shibboleth software is the most widely used federated identity solution in eduGAIN for both identity providers (IdPs) and service providers (SPs). eduGAIN is a global service that provides an efficient, flexible way for participating federations, and their affiliated users and services, to interconnect.
The GÉANT Project, responsible for managing the development of the Shibboleth OIDC extension since 2016, is co-funded by Europe’s National Research and Education Networks (NRENs) and the EU to deliver a catalogue of advanced, user-focused services, and a successful program of innovation that pushes the boundaries of networking technology to deliver real impact to over 50 million users.
Manne Miettinen, senior expert, CSC – IT Center for Science in Finland, and NORDUnet representative to the Shibboleth Consortium Board commented: “I’m excited to see the handover of the Shibboleth OIDC extension from the GÉANT Project to the Shibboleth Consortium. The Board believes that the OIDC functionality in the Shibboleth IdP software will further strengthen the position of the Shibboleth software for the academic authentication and access federations, making it easier for universities to take advantage of a new generation of services using OIDC technology.”
OpenID Connect
Identity-based authentication protocols provide a secure way for online users to access resources without having to expose their credentials. eduGAIN presently supports the Security Assertion Markup Language (SAML2) authentication protocols; however, there has been growing interest among enterprises and federations in also supporting the OIDC standard.
OIDC is another identity protocol that allows applications to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable manner.
Scott Cantor, senior systems developer at The Ohio State University and a leading developer on the Shibboleth project since its inception added, “OIDC is well-suited to a wide variety of deployment environments and is particularly attractive within the enterprise, a key constituency of the Shibboleth Consortium.”
Shibboleth OpenID Connect Extension in the GÉANT Project
In 2016, a working group was formed that brought together the Shibboleth development team and the GÉANT Next Generation Trust & Identity Technology team to implement native OIDC support for the Shibboleth IdPv3 software.
Niels van Dijk, work package leader of the GÉANT Trust and Identity Incubator, notes: “Much of the heavy lifting in the development was done by the Incubator team, specifically with participation from the Finnish national research and education network, CSC. Throughout the development, the close collaboration with the Shibboleth development team has been very helpful. Not only to guide and support the development work of our team, but to ensure that the extension was a good fit with the overall Shibboleth product.”
At the beginning of 2019, after a number of alpha and beta releases, a production-ready 1.0 version of the extension was released. It quickly gained interest and popularity among the wider Shibboleth user community, who continue to provide feedback for improvements on the Shibboleth OIDC extension.
In late October 2019, the extension was formally certified by the OpenID Foundation, a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies.
“The formal certification of the Shibboleth OIDC extension by the OpenID Foundation was felt to be a critical part of the work. With the certification in place, we have shown to be fully interoperable with the OIDC standard,” added van Dijk.
The journey of OIDC in the R&E world has just begun, but it has already coalesced a community of identity professionals who are eager to use it and participate in its further development. Under the management of the Shibboleth Consortium and with continued support from the GÉANT Project, the working group anticipates wider adoption with the release of IdPv4 in 2020 and full integration of the code into the core Shibboleth software with IdPv5 in 2021.
About Shibboleth Consortium
The Shibboleth Consortium is the body which ensures the ongoing development, support and maintenance of the Shibboleth software. It is comprised of members who contribute financially at varying levels depending on size and type of organisation. The consortium consists of three principal members, thirteen national research and education networks, thirty-three academic and non-profit members, as well as three commercial members from North America, South America, Europe, Asia, and Oceania. Jisc, provider of the United Kingdom’s national research and education network, is the operator of the consortium, responsible for its day-to-day management. For more information, visit www.shibboleth.net/consortium
About GÉANT
GÉANT is Europe’s leading collaboration on network and related infrastructure and services for the benefit of research and education, contributing to Europe’s economic growth and competitiveness. The organisation develops, delivers and promotes advanced network and associated e-infrastructure services, and supports innovation and knowledge-sharing amongst its members, partners and the wider research and education networking community. For more information, visit www.geant.org
Source: Sara Aly, Internet2