Shibboleth SP Services FAQs


What is Shibboleth?

Shibboleth is the most widely adopted, tested, and deployed opensource SAML Single Sign-On (SSO) middleware. Shibboleth is used for implementing SAML, CAS and OpenID standard-based federated identity and SSO authentication capabilities. It is also open-source which means there is no license fee for the software, it is free.

Shibboleth middleware is highly flexible and interoperable. It can be deployed on any platform in the cloud or on-premises on LAMP or Windows platforms. It is easy to integrate with existing web servers, app servers, and apps.

We have a SaaS Portal and want to enable SAML SSO login authentication in our SaaS environment. Can 9STAR help?

Shibboleth is an opensource SAML middleware that is widely adopted, tested and deployed around the world with several hundred thousand installations. Shibboleth middleware is FREE with no license fee. Learn more about Shibboleth at

9STAR has been providing Shibboleth Services for 18+ years. We can help you deploy SAML SSO login authentication capability within your SaaS environment for a one-time fixed setup fee. Each time a Shibboleth node is deployed in either Production or Development/Staging environment of your SaaS application, we charge a one-time fixed fee per node. We do not charge any license fee for the Shibboleth software.

We typically assign a Shibboleth/SAML technical lead from 9STAR who then guides you through the entire Shibboleth/SAML SSO deployment process. The 9STAR technical lead will deploy the Shibboleth software for SAML SSO login authentication in concert with your IT/SaaS team. The deployment can be accomplished either by providing 9STAR technical lead:

  • Secure VPN/RDP/SSH access to your Dev/Production environment, OR
  • Via ScreenShare capability between your team and assigned 9STAR technical lead

We can deploy the SAML SSO authentication capability in your standalone or load-balanced clustered SaaS environments. As part of the setup, your SaaS portal will be integrated with your customer’s SAML Identity Provider (IDP). In addition, your SaaS team will be able to access end-user attributes and authentication information each time a user tries to login to your SaaS portal.

Does 9STAR provide ongoing Annual Support and Maintenance for the Shibboleth software? If yes, how does it work?

Yes. 9STAR has been providing annual support and maintenance for the Shibboleth/SAML open-source middleware for 18+ years. Once your Shibboleth/SAML SSO login authentication is all setup in your SaaS environment, you are now ready to access our annual support and maintenance. A typical Enterprise Support plan for Shibboleth includes:

  • Unlimited troubleshooting at your Shibboleth/SAML node.
  • Update and upgrade of the Shibboleth software.
  • Professional integration of additional new SAML IDP clients to your Shibboleth node for secure SSO access.

Does 9STAR need access to PII or end-user data during the Shibboleth/SAML setup process?

No. We do not need access to any PII or user-data or application-data. We only need temporary admin-level access to your SaaS portal virtual machines for the installation of the Shibboleth software. The access can be terminated once the Shibboleth setup is complete.

Does 9STAR need access to PII or end-user data for providing Shibboleth Support and Maintenance?

No. We do not need access to any PII or user-data or application-data. Support and maintenance services are provided under your directions at all times. 9STAR technical support team can provide support either via ScreenShare or via secure remote VPN/SSH/RDP access to the machine instance that is hosting the Shibboleth software. We only need access to Shibboleth configuration and Shibboleth software files for providing support and maintenance. Each time we make a change to Shibboleth, we notify all relevant members of your team are notified of the change via email. Your team is always kept in the loop and no changes are made without your explicit permission.

How long does it take to setup Shibboleth for SAML SSO authentication in our SaaS environment?

It usually takes 5-7 business days for setting up a Shibboleth node on a standalone SaaS server node and integrating the SaaS node with your customer’s SAML IDP server for SSO authentication. For a load-balanced clustered configuration, or for adding/integrating additional clients, it usually takes longer. Your assigned technical lead at 9STAR will be able to provide you with additional guidance based on your specific SaaS App requirements and IT infrastructure.

Is the Shibboleth Setup Service SLA-driven?

Yes. At 9STAR, we pride ourselves in providing quality enterprise-grade services that combine People, Systems, and Processes. The professional service for setup and support for Shibboleth is SLA-driven and insured for up to $5M USD. The SLA documents are provided by your account representative as part of the price quote document.

How much do the Shibboleth setup and support services cost?

We provide an individualized and customized setup/installation service for a one-time fixed fee which is based on your use-case and requirements. The support and maintenance is an annual subscription fee which is also based on your use-case and requirements. So please contact your account executive directly or contact for pricing information.

We are all setup with the Shibboleth/SAML node for SSO login authentication, how do we proceed to onboard new customers for SAML SSO based access to our SaaS site?

We have made the process quite simple. Once you have a new SAML IDP customer, then feel free to refer them to your assigned technical lead at 9STAR. The 9STAR technical lead will then follow-up with appropriate technical guidance for configuring your client’s SAML IDP via email. During this process, your team will always be kept in the loop and in sync. Once your client confirms the configurations at their endpoint, your SaaS team will then be able to test and access all user attributes and authentication information that is needed by your SaaS App for authorized access management. Your IT team will not need to do any SAML configurations in your SaaS environment.

Shibboleth SAML looks quite complex. It seems we have to get our IT Department and Software Development Departments involved each time we onboard a new SAML IDP-client. Is there a way to offload SAML complexities and management to 9STAR?

Yes. You are in luck. 9STAR provides a SAML offloading cloud-hosted managed service called ElasticSSO Cloud Proxy (ESSOCP) Service to accomplish just this capability. And please do not hesitate to contact your account representative at or check out the  FAQ (Frequently Asked Questions) about the ESSOCP Service.


Get Connected.

We welcome you to contact us for more information
about any of our products or services.

CALL: +1.888.999.8934