Skip to content Skip to site navigation Skip to service navigation

Setting up a Stanford Service Provider using Stanford's Federated IdP (SAML2) (Lecture)

Class Sessions

Date Costsort descending
  • Wed Feb 21, 9:00 am to 12:00 pm

Class Code


Class Description

As Stanford is moving from Webauth to SAML 2.0 this lecture will help you understand what that means for you as an application/service provider.

So you need to authenticate users for your application/service on the network and you don't want to have to handle password changes and everything else that comes with managing users locally?  The Information Security Office has strongly suggested that you should use the campus single-sign on (SSO) infrastructure.

This lecture will cover the terminology of Shibboleth and the Security Assertion Markup Language (SAML) and how it is made available to campus from University IT's campus infrastructure.  It will cover the steps to configure two SAML components.  The objective is that class participants will gain the knowledge necessary to build and configure applications that leverage Stanford's single-signon infrastructure.
Topics covered in this lecture include:
- the terminology:
- Shibboleth
- Stanford Webauth
- SAML entities
- IdP, AA, SP, RP, federations
- Working with SAML metadata
- assertions
- claims
- confirming authentication and getting user attributes
- configuring Apache with mod_shib
- review of all the pieces
- overview of the registration process
- what's required in the Apache configuration and metadata files
- configuring Node.js with passport-saml
- review of all the pieces
- overview of the registration process
- what's required in the Node configuration and metadata files