Development libraries and guides

The Australian Access Federation is currently working to develop a set of libraries to help application developers bring new services into the federation.

These libraries make it easy to do development on local machines without needing to install a complete Shibboleth service provider and when ready to be moved to proper testing environments integrate to the Shibboleth SP without further effort.


The following concepts are represented across all integrators supplied by the AAF:
  1. Subject - Security specific view of an entity capable of being authenticated to an application. It can be a human being, a third-party process, a server etc. Also referred to as ‘user’.
  2. Principal - A subjects uniquely identifying attribute. This is generally mapped to the federation attribute eduPersonTargetedID. For non federated applications this is a ‘username’
  3. Credentials - Data used to verify identity at session establishment. For integrators this is the associated SAML assertion and is represented by a unique internal sessionID. For non federated applications this is usually a ‘password’
  4. Attributes - A subjects identifying attributes. Names, email, entitlements etc.For non federated applications these need to manually entered. For federated applications they are in many cases automatically supplied.


We currently have libraries for the following platforms available:
  1. Grails -
  2. Ruby on Rails -
We plan to support the following in the future:
    1.    PHP
    2.    .Net

Community Contributions

Within the AAF community several folks have been working on integrating applications to the federation using technologies not listed above. As these become publicly available they will appear here.