Shibboleth is a free, open-source web single sign-on system with rich attribute-exchange based on open standards, most notably SAML. Shibboleth has widespread adoption in higher education and government due to “built in” privacy provisions that meet the privacy obligations of accredited schools and security conscious organizations.

1. Many people are interested in deploying a Shibboleth Identity Provider (IdP) to enable
secure organizational single sign-on (SSO).
Shibboleth is a free, open-source web single sign-on system with rich attribute-exchange
based on open standards, most notably SAML. Shibboleth has widespread adoption in
higher education and government due to “built in” privacy provisions that meet the
privacy obligations of accredited schools and security conscious organizations. Other
benefits of Shibboleth include a lightweight memory footprint and support for multi-
party federations, like In Common.
As a federated system, a Shibboleth IdP supports secure access to resources across
security domains. Information about a user, otherwise known as attributes, are sent
from a home identity provider (IDP) to a service provider (SP), which prepares the
information for protection of sensitive content and use by applications.
These so-called federations, while not a purely technical construct, can often be used to
help providers trust each other in a scalable way. A typical use case is a person accessing
a protected resource, authenticating at their identity provider, and ending up back at the
resource logged in.

2. Without going into excessive detail, this is how the resource-access process actually
happens, and how it fits with the IDP and SP configuration:
1. User Attempts to Access a Protected Resource
2. SP Determines IDP and Issues Authentication Request
3. User Authenticates to the IDP
4. IdP Issues Response to SP
5. Back to the SP
6. Access Granted to the Protected Resource
Why Use a Managed Service for your Shibboleth IDP:
Configuring and operating a Shibboleth Identity Provider and comprehensive SSO
service involves technical know-how that can be time consuming to obtain and
expensive to retain (i.e. keeping employees with the necessary skill sets). Identity
management and federation protocols and software such as SAML and Shibboleth are
increasingly niche skill sets, and a subscription to the Gluu Server ensures that your
organization is able to deliver a secure and reliable IDP service year after year at a
predictable annual cost.

3. In addition, the Gluu Server supports not only SAML, but also OpenID Connect and
UMA, two new profiles of OAuth 2.0 that better support emerging authentication and
authorization requirements like mobile and native SSO, and web and API access
management.
At Gluu, we employ authentication, authorization and federation experts to augment
your operational staff. With Gluu’s managed IDP service and utility open source
software stack, you can add a layer of support for increasingly complex SAML and
OpenID Connect SSO requirements, while decreasing dependence on highly specialized
employees, proprietary software and high priced contractors.
Article resource:-https://sites.google.com/site/thegluuserver/shibboleth-idp-what-it-is-
and-why-to-consider-a-managed-shib-services-like-gluu