IDP Core Software Module

From GFIPM Implementation Wiki


The IDP software module, depicted by the blue box ("Shibboleth IDP Middleware") in the above diagram, consists of a set of interfaces, called integration points, which must be connected to other system components for the IDP to work. In the case of Shibboleth, it is implemented as a Java servlet and runs within a Web servlet container.

The IDP core software module handles the processing of incoming SAML messages from SPs, as well as the creation of outgoing SAML messages to SPs. In addition, it manages signing and encryption of all outgoing SAML messages, as well as signature verification and decryption of all incoming SAML messages. In the case of Shibboleth, the Web servlet container in which the software runs is responsible for handling the IDP's connection-level (TLS) encryption needs. Interested readers may refer to [GFIPM U2S Profile] for normative details about the SAML protocols and messages used within the GFIPM federation; however, note that detailed knowledge of these protocols is not typically necessary for implementation of an IDP using COTS or open-source software.

