mirror of
https://github.com/goauthentik/authentik
synced 2026-04-30 11:27:15 +02:00
* website/integrations: rename "Create with Provider" to "New Application"

  The application list page now uses a split-button labeled "New Application" instead of the old "Create with Provider" dropdown. Update all 113 integration guides to match.

* website/docs: update flow, stage, and policy button labels
  - "Create" → "New Flow", "New Stage", "New Policy" for trigger buttons
  - "Finish" → "Create Flow", "Create Stage", "Create Policy" for submit
  - "Create and bind stage" → "New Stage" / "Bind Existing Stage"
  - "Create" (binding submit) → "Create Stage Binding"

* website/docs: update provider button labels
  - "Create" → "New Provider" for trigger buttons
  - "Create with Provider" → "New Application" in RAC docs
  - "Create" → "New Property Mapping", "New RAC Endpoint", "New Prompt" for related entity creation

* website/docs: update directory button labels
  - "Create" → "New Source" for federation/social login pages
  - "Create" → "New Role", submit → "Create Role"
  - "Create" → "New Invitation"
  - Policy binding submit → "Create Policy Binding"

* website/docs: update endpoint device and system management button labels
  - "Create" → "New Endpoint Connector", "New Enrollment Token", "New Device Access Group", "New Flow"
  - Submit → "Create Device Access Group"
  - "Create" → "New Notification Rule", "New Notification Transport"
  - Binding submit → "Create Policy Binding"

* Reorganize policy documentation
* website/docs: address policy docs review feedback
* post-rebase
* website/docs: Reorganize policy documentation -- Revisions (#21601)
* apply suggestions
* Fix escaped.
* Fix whitespace.
* Update button label.
* Fix phrasing.
* Fix phrasing.
* Clean up stragglers.
* Format.

---------

Co-authored-by: Dominic R <dominic@sdko.org>
74 lines
3.2 KiB
Markdown
---
title: Shibboleth
tags:
    - source
    - shibboleth
    - saml
---

Allows users to authenticate using their [Shibboleth](https://www.shibboleth.net/about-us/the-shibboleth-project/) credentials by configuring Shibboleth as a federated identity provider via SAML.

## Preparation

The following placeholders are used in this guide:

- `authentik.company` is the FQDN of the authentik installation.
- `shibboleth.company` is the FQDN of the Shibboleth IdP installation.
- `shibboleth-slug` is the slug you will assign to the SAML source in authentik (e.g., `shibboleth`).

## authentik configuration

To integrate Shibboleth with authentik, you will need to create a SAML source in authentik.

### Create a SAML source in authentik

1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Directory** > **Federation and Social login** and click **New Source**.
3. Select **SAML Source** and configure the following settings:
    - Set **Name** to `Shibboleth`.
    - Set **Slug** to `shibboleth` (this sets the slug used in Shibboleth's metadata URL).
    - Set **SSO URL** to `https://shibboleth.company/idp/profile/SAML2/Redirect/SSO`.
    - Set **Binding Type** to `Redirect`.
    - Set **Issuer** to `https://authentik.company/source/saml/<shibboleth-slug>/metadata/`.
    - Set **NameID Policy** to `Transient`.

        :::warning NameID Policy
        Shibboleth supports the `Transient` NameID by default. You will need to reconfigure Shibboleth to use other NameIDs.
        :::

    - Set **Signing Keypair** to an authentik certificate (e.g., the default `authentik Self-signed Certificate`).
    - Set **Encryption Certificate** to an authentik certificate (e.g., the default `authentik Self-signed Certificate`).

4. Click **Finish**.

:::info Display new source on login screen
For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
:::

:::info Embed new source in flow :ak-enterprise
For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source).
:::

## Shibboleth configuration

To integrate Shibboleth with authentik, you will need to add authentik as a service provider in your Shibboleth IdP.

### Add authentik as a Service Provider

1. Edit `/opt/shibboleth-idp/conf/metadata-providers.xml` on the Shibboleth IdP server.
2. Add the following `MetadataProvider` element before the final closing tag of the existing `MetadataProvider` block:

    ```xml
    <MetadataProvider id="Authentik"
                      xsi:type="FileBackedHTTPMetadataProvider"
                      backingFile="%{idp.home}/metadata/authentik-metadata.xml"
                      metadataURL="https://authentik.company/source/saml/<shibboleth-slug>/metadata/" />
    ```

3. Restart the Shibboleth IdP to apply the changes.

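The `MetadataProvider` element above has no metadata filter, so the IdP accepts whatever the metadata URL serves. The following check of a fetched metadata file against the values configured in this guide is an added example, not part of the authentik or Shibboleth documentation; the sample metadata, its placeholder certificate bytes, the `/acs/` path and the function name are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for a certificate; the ACS path is assumed.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://authentik.company/source/saml/shibboleth/metadata/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://authentik.company/source/saml/shibboleth/acs/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_entity_id, pinned_sha256):
    """Return a list of problems; an empty list means the metadata matches expectations."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}")
    host = urlsplit(expected_entity_id).hostname
    endpoints = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    for ep in endpoints:
        url = urlsplit(ep.get("Location", ""))
        if url.scheme != "https" or url.hostname != host:
            problems.append(f"ACS endpoint off-host or not HTTPS: {ep.get('Location')}")
    # Fingerprint = SHA-256 over the decoded (DER) certificate bytes.
    found = {hashlib.sha256(base64.b64decode(c.text or "")).hexdigest()
             for c in root.findall("md:SPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS)}
    unpinned = found - set(pinned_sha256)
    if not found:
        problems.append("no certificate in metadata")
    elif unpinned:
        problems.append(f"unpinned certificate(s): {sorted(unpinned)}")
    return problems
```

Take the pinned fingerprint from the certificate exported from authentik over a separate channel, not from the metadata file being checked.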
## Source property mappings

Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information.

## Resources

- [Shibboleth IdP Documentation](https://shibboleth.atlassian.net/wiki/spaces/IDP5/overview)