Shibalike: a PHP emulation of a Shibboleth environment

Update 2011-06-23: All the essential components of Shibalike are complete and the project is hosted on Github. This is currently blueprint-ware, but I’m excited about it.

A co-worker and I have laid out a design for a flexible system that can emulate a working Apache/PHP Shibboleth stack, without requiring any outside resources (e.g. an IdP, mod_shib, shibd). I see this as useful in several cases/for several reasons:

  • Setting up your own IdP for testing would be a pain and a maintenance headache.
  • Depending on your institution, getting attributes approved for release to a new host may be time-consuming or impossible.
  • Shibboleth won’t work on http://localhost/.
  • You want to be able to test/experience a similar sign in process on localhost as users do in production.
  • You want to be able to test your PHP-based shibboleth auth module without a working shib environment.
  • You want to emulate an IdP problem, or allow a secondary auth method to kick in if the IdP is down (without switching auth adapters).
  • You might want to “hardcode” an identity for a unit/integration test
  • You might want to give a select group the ability to login under a testing identity after they authenticate at the real IdP.

Continue reading