Feature request: Official support for Shibboleth Identity Provider 3 Plugin in PrivacyIDEA


I work at the University of Borås in Sweden. All universities in Sweden
are part of the SWAMID federation. Many of the universities use
Shibboleth Identity Provider 3 as their IDP. Due to GDPR, the need
for two-factor has increased significantly.

I have evaluated your product and used the following plugin in our
IDP to integrate these two.

Plugin I am using: https://github.com/wraezor/privacyIDEA-shibboleth-tfa

It has worked really well and I am very pleased with your product.
We have used both Yubikeys and Google Authenticator for login through
our IDP with a second factor.

However, when I upgraded from version 2.23.3 to version 3.0 of
PrivacyIDEA, the plugin in our IDP stopped working.

My question:
Is there any possibility that in the future you will also develop the
plugin for Shibboleth Identity Provider 3 as part of PrivacyIDEA?

I know that a number of universities in Sweden are interested in this.
We cannot use PrivacyIDEA if we cannot ensure that the plugin will
always work when upgrading PrivacyIDEA.

I look forward to a positive answer to the question :slight_smile:

Per-Olof Axelsson
University of Borås, Sweden

Hello Per-Olof,

thank you for using privacyIDEA. And thank you for your experience.
What do you mean with these two words in details and what do you expect when using the two words official and support?

The privacyIDEA code and the obove mentioned shibboleth plugin are both open source and thus come without any warranty or support.
Have you asked the developer @wraezor of the shibbolth plugin for help?

Kind regards

@lollo Take a look here: “it required just a small tweak”

Hi Cornelius,

Thanks for your quick answer. I am on vacation and have therefore not had the opportunity to answer earlier. Probably poor choice of words regarding your question about Official and Support :slight_smile:

Just as I said in my earlier post, it would be good if Shibboleth Plugin was also developed by those who develop PrivacyIDEA.

If PrivayIDEA meets our requirements, we will probably buy privacyIDEA Enterprise Edition. This assumes that we can be sure that Shibboleth Plugin works after upgrading the PrivacyIDEA.

I realize now that I probably should have asked NetKnights instead?

Thank you for the hint of the updated version of Shibboleth Plugin.

I would also like to thank wraezor for his work with Shibboleth Plugin. Good work!

Kind regards,

Hi Per-Olof,

yes, this would be great if NetKnights would develop the plugin for shibboleth.
But we can not do everything! We have a plugin for simplesamlphp and for keycloak. And there is a plugin for ADFS - and this is only the SSO IdPs.

However, we have a partner, who is into shibboleth very deeply and maybe we can arrange something via this way.

Simply contact me via email!

Kind regards