Software Alternatives, Accelerators & Startups
Register | Login

Shibboleth VS IdentityServer

Compare Shibboleth VS IdentityServer and see what are their differences

Hyperview
DCIM software reinvented. featured
Contents:
  1. » Base Details
  2. » Videos
  3. » Reviews
  4. » Alternatives

Shibboleth logo Shibboleth

standards based, open source software for web single sign-on across or within organizational...

IdentityServer logo IdentityServer

An open-source, standards-compliant, and flexible OpenID Connect and OAuth 2.x framework for ASP.NET Core
  • Shibboleth Landing page
    Landing page //
    2023-06-27
  • IdentityServer Landing page
    Landing page //
    2023-02-03

Shibboleth features and specs

  • Open Source
    Shibboleth is an open-source identity provider, which means it is free to use and has a community-driven development approach. This can lead to more transparency and adaptability for organizations.
  • Interoperability
    Shibboleth supports various protocols such as SAML (Security Assertion Markup Language), allowing for seamless integration with many identity and access management systems and services.
  • Scalability
    Designed to handle large numbers of users and complex federated identity deployments, Shibboleth can scale to meet the needs of large organizations or academic institutions.
  • Federated Identity Management
    Shibboleth enables the sharing of identity information across different organizations, which is particularly beneficial for educational institutions and research organizations that collaborate frequently.
  • Community Support
    A strong user community provides substantial support, documentation, and shared experiences, which can aid in troubleshooting and optimizing deployments.

Possible disadvantages of Shibboleth

  • Complex Configuration
    The initial setup and configuration of Shibboleth can be complex and may require a steep learning curve, especially for those not familiar with identity and access management concepts.
  • Resource Intensive
    Due to its comprehensive feature set and capabilities, Shibboleth may require more resources (such as server capacity and administrative effort) compared to simpler solutions.
  • Limited User Interface
    Shibboleth is primarily back-end software and lacks a modern, user-friendly interface, which can make administration and management more challenging for less technical users.
  • Dependency on Community
    Being open-source and community-driven, updates and feature enhancements depend on community contributions, which may not be as predictable or frequent as with commercial products.
  • Niche Use Case
    Shibboleth is primarily targeted towards academic institutions and research communities, which might make it less appealing or overkill for smaller organizations or those outside these sectors.

IdentityServer features and specs

  • Open Source Foundation
    IdentityServer is built on an open-source foundation. It has been widely used and developed by a community, ensuring transparency, reliability, and continuous improvements.
  • Comprehensive Protocol Support
    It supports industry standards such as OpenID Connect and OAuth 2.0, which are essential for authentication and authorization processes.
  • Customizability
    IdentityServer offers high levels of customizability, allowing developers to tailor authentication and authorization features to specific application needs.
  • Enterprise-Ready
    Designed to handle complex enterprise scenarios with robust performance and scalability options suitable for large-scale applications.
  • Strong Security Features
    Includes several security mechanisms to protect sensitive data, such as secure token storage and advanced encryption options.
  • Comprehensive Documentation
    Provides extensive documentation and resources, helping developers to implement and troubleshoot the server effectively in their systems.

Possible disadvantages of IdentityServer

  • Licensing Cost
    Since its transition from IdentityServer4 to a non-OSS model under Duende Software, organizations need to purchase a license for commercial use, impacting budget-conscious projects.
  • Complexity
    Can be complex to set up and configure properly, especially for teams that are new to security protocols like OAuth and OpenID Connect.
  • Maintenance Overhead
    Requires ongoing maintenance and updates to ensure security and compatibility with evolving protocols, which can be resource-intensive.
  • Potential Overhead for Small Projects
    May be overkill for smaller projects or teams that do not require robust authentication systems, where simpler solutions might suffice.
  • Community vs. Commercial Transition
    The switch from a community-driven open-source project to a commercial product may alienate previous users who relied on its open-source nature.

Shibboleth videos

+ Add

Shibboleth Review

More videos:

  • Review - Shibboleth - Testimonials from Dalton, GA
  • Review - Bower's Game Corner #515: Shibboleth Review

IdentityServer videos

+ Add

Federated Identity: An intro to OAuth2, Open Id Connect & Duende IdentityServer 5 | Anthony Nguyen

More videos:

  • Review - There's an IdentityServer in my API project - Anders Abel

Category Popularity

0-100% (relative to Shibboleth and IdentityServer)

Shibboleth

IdentityServer

Identity Provider
51 51%
Identity Provider
49% 49
Identity And Access Management
47 47%
Identity And Access Management
53% 53
SSO
52 52%
SSO
48% 48
Monitoring Tools
100 100%
Monitoring Tools
0% 0

User comments

Share your experience with using Shibboleth and IdentityServer. For example, how are they different and which one is better?
Log in or Post with

Reviews

These are some of the external sources and on-site user reviews we've used to compare Shibboleth and IdentityServer

Shibboleth Reviews

We have no reviews of Shibboleth yet.
Be the first one to post

IdentityServer Reviews

10+ Open-source Single-Sign On (SSO) Solutions
If you are looking for a certified and complaint system to OpenID Foundation, with .Net technologies, then IdentityServer is your answer.
Source: medevel.com
Top 5 Open Source Single Sign-On Software In the Year 2021
IdentityServer is an open source free single sign-on software. It is a cross-platform framework based on OpenID Connect and OAuth 2. Further, this open source software provides central authentication and authorization capabilities for multiple applications. It supports federated identities, multiple flows, and API authorization. Moreover, this self hosting software enables...
Source: blog.containerize.com

Social recommendations and mentions

Based on our record, IdentityServer seems to be more popular. It has been mentiond 7 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.

Shibboleth mentions (0)

We have not tracked any mentions of Shibboleth yet. Tracking of Shibboleth recommendations started around Mar 2021.

IdentityServer mentions (7)

  • Identity server 4
    Its deprecated in favor of Duende Identityserver which introduced a license model. Source: over 1 year ago
  • How does cookie based authentication work?
    Tokens usually have a lifetime and they are separate from the user's authentication principals like username and password. Unless you are rolling your own form of token provider (not something that would be recommended) the token creation is handled for you. Take a look at https://identityserver4.readthedocs.io/en/latest/ or if your organization makes under 1M in income a year the free version of what Identity... Source: over 2 years ago
  • ImageSharp leaving the .NET Foundation due to licensing change
    I think Duende (Identity Server) handled the situation pretty well. https://duendesoftware.com/products/identityserver > Standard License Pricing. - Source: Hacker News / over 2 years ago
  • Why is authentication such a sh*t show with .NET 6?
    He's referring to IdentityServer 3/4, which was open sourced, and was not owned by Microsoft. That 3rd party is commercializing their work (and to be fair, it's a lot of work) as https://duendesoftware.com/products/identityserver , and has a different commercial licensing model. Source: almost 3 years ago
  • Show HN: Open-Source Identity Server Written in Go (Ory Kratos)
    I think "Identity Provider" is more correct, no? "IdentityServer" is the name of a specific IdP implemented in .NET (formerly OSS as https://identityserver4.readthedocs.io/en/latest, and now as a more commercial form as Duende IdentityServer: https://duendesoftware.com/products/identityserver). - Source: Hacker News / almost 3 years ago
View more

What are some alternatives?

When comparing Shibboleth and IdentityServer, you can also consider the following products

Keycloak - Open Source Identity and Access Management for modern Applications and Services.

CAS - Apereo CAS - Enterprise Single Sign On for the Web

ASP.NET Identity - ASP.NET Identity is a membership-based software system designed for the authentication and authorization of the users via building an ASP.NET application.

DbProtect - Trustwave DbProtect is a highly scalable database security platform that helps organizations secure their relational databases and big data stores, both on premises and in the cloud.

Auth0 - Auth0 is a program for people to get authentication and authorization services for their own business use.

Webroot - Webroot delivers multi-vector protection for endpoints and networks and threat intelligence services to protect businesses and individuals in a connected world.

Loading...