What is this?
Shibboleth Identity Provider is a mature, SAML-based single sign on (SSO) web application widely deployed in academic organisations. It's used by millions of staff and students around the world.
Ishigaki is a minimalist, Debian-based, Shibboleth IdP Docker image. It is maintained by Digital Identity Ltd. Ishigaki is intended to be a solid foundation for other images but can also be used directly by mounting volumes for configuration directories.
This image is not a stand-alone production-ready IdP - it's meant to be configured and then used in conjunction with other services to handle TLS, databases, LDAP, and so on. It's especially well suited to use with Docker Compose, Rancher or Kubernetes.
Why use this?
- Modern: uses the latest Shibboleth IdP, Jetty and Debian OS.
- Small: based on Minideb and built carefully, Ishigaki is only around 350MB and the download is under 180MB
- Secure: updated daily, nothing runs as root, and directory permissions are managed
- Tested: Ishigaki is built and tested automatically
- Maintained: we use this image ourselves
Any reasons not to use this?
- It is not ready-to-use, and there is no UI or simplified configuration: you need to understand how to configure a Shibboleth IdP
- It's got no warranty or support (but see Ishigaki Academic Edition details below)
- It does not use the official Oracle JDK - it uses a high quality JDK from Zulu but Shibboleth community support may
depend on using Oracle's software (again, see below for other options)
- It requires other supporting services to provide TLS and user information
- Docker should not be used in production unless you have a reliable process for regularly updating images and replacing containers
- It's relatively new - we expect to find more bugs