Nuxeo recently developed a module to add Nuxeo DM (Open Source Document Management) to the applications available through the Shibboleth Authentication system for the University of Rennes 1, France, for the consortium ESUP-Portal. In the spirit of community, we have packaged the technology and made it available on the Nuxeo Marketplace, so others can share the Shibboleth love.

Federated identity systems make a lot of sense for both system administrators and system users. It allows for information about users in one security domain to be provided to other organizations in a federation, enabling cross-domain single sign-on.

The Shibboleth System is an open source software package for cross-domain single sign-on. The Shibboleth Authentication package enables a Shibboleth system to include the Nuxeo DM application in its federated identity management system, so that users logging into the single sign-on system will have access to their organization's deployment of Nuxeo DM.

The Shibboleth Authentication package for Nuxeo DM authenticates the user based on HTTP headers received from the Shibboleth Service Provider. It also creates (or updates) an entry in the Nuxeo User Directory for this user. A service within Nuxeo configures the mapping between the user metadata and the header names.

Shibboleth is typically used in university networks, but this package is available for any system administrator who wants to include Nuxeo DM in the Shibboleth-based federated identity-based authentication and authorization infrastructure.

The Shibboleth plugin for Nuxeo DM is available for download from the Nuxeo Marketplace. Nuxeo Online Services subscribers can download and install Marketplace packages from their application. Non-subscribers can sign up for a free trial to access packages from the Marketplace.

Once downloaded, be sure to follow the steps in the post install requirements document to correctly enable this functionality. This document details how to register the Shibboleth authentication in the authentication chain. See "Useful links and resources" on the Shibboleth package page for full instructions.

The Shibboleth Authentication package source code is available here:
Guidelines for using Nuxeo source code are available in the Nuxeo Documentation Center.

The Shibboleth authentication module source code is available as part of the nuxeo-platform-login addon.

-- @JaneZupan and Thomas Roger