The primary function of an Identity Provider (IdP) is to authenticate users. It also releases user attributes to service providers in the form of SAML2 assertions. Various software packages implement SAML2 standard assertions. The University of Trieste chose Shibboleth as its identity provider. Shibboleth is developed by Internet2, which also develops OpenSAML. OpenSAML is a set of open source Java and C++ libraries designed to support Security Assertion Markup Language (SAML) development. Several Shibboleth developers are also involved in writing the OASIS SAML standard and in the OpenSAML project.
An IdP may be used not only in a federated environment, but also as an authentication system for any web resource that needs to be protected. The local Idem technical staff is glad to share its know-how and to consider new applications, whether Idem service providers or local, non-federated authenticated websites. We wrote some guides to make Shibboleth Service Provider installation and configuration easier. These guides are available in Italian on the DokuWiki site of Divisione ISI.
To protect our users' privacy, the University of Trieste decided to use the uApprove software, developed by the SWITCH Swiss Federation. This open source software lets each user see and approve the attributes that will be transmitted to each service provider on access.