Skip to main content Skip to navigation

SSOv3 (SAML 1)

SSOv3 is a completely new system that functions very differently to the old SSOv2. However, it is important to note that SSOv3 includes the same interfaces as SSOv2 for backwards compatibility. You may well use some of these interfaces in your application as they include UserLookup which allows you to look up users their attributes.

SSOv3 was rolled out in September 2005. This deployment should not affect anyone using SSOv2 as the switch was seamless.

Brian Foley has written some documentation on getting the standard Shibboleth on Apache working with SSOv3.

The authentication flow for an SSOv3 web application (here, Tabula) is shown below:

saml1_ssov3_diagram.svg

Below is a simple diagram illustrating the relationship between the old SSOv2 sentry interface and the new SSOv3 SAML interface. In both cases the sentry is used to look up arbitrary users, but in new mode the Shibboleth support is used for signing in (which includes retrieving attributes for the signed in user, so sentry is only used for looking up attributes for other users).

sso-interfaces.png