25 July, 2013

Shibboleth:

Shibboleth is a single sign-on system for computer networks and the Internet. It allows people to sign in with just one identity to the various systems run by 'federations' of different organizations or institutions. The federations are often universities or public service organizations.

The Shibboleth Internet2 middleware initiative created an architecture and open-source implementation for identity management and for a federated, identity-based authentication and authorization (access control) infrastructure based on the Security Assertion Markup Language (SAML). Federated identity allows information about users in one security domain to be provided to other organizations in the federation. This enables cross-domain single sign-on and removes the need for content providers to maintain their own user names and passwords. Identity providers (IdPs) supply user information, while service providers (SPs) consume that information and grant access to protected content.

Service Provider:

The Service Provider adds SSO and federation support to web applications written in any programming language or framework, integrating natively with popular web servers such as Apache and IIS. A loosely coupled integration strategy lets you support SAML, rich attribute exchange, and many value-added features, often without significantly changing your application code or using proprietary interfaces.

The normal Service Provider process is:

1. Intercept access to a protected resource or application entry point.
2. Discover the user's choice of Identity Provider.
3. Issue a SAML authentication request to the selected Identity Provider.
4. Process the SAML authentication response and extract rich user information.
5. Apply local policies and gather additional data.
6. Pass the rich identity information to application resources.

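Steps 3 to 5 above, worked through in Python as an added example that is not from the original post or from the Shibboleth project: the SP issues an AuthnRequest, correlates the IdP's Response by InResponseTo, checks status, issuer, validity window and audience, extracts the attributes and applies one local policy. The entityIDs, the eduPersonScopedAffiliation attribute and the sample Response are constructed for the demonstration; XML signature verification, which a real SP performs before any of these checks, is deliberately left out.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://sp.example.org/shibboleth"        # assumed SP entityID (constructed)
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"  # assumed IdP entityID (constructed)

def issue_authn_request(idp_sso_url):
    """Step 3: build an AuthnRequest; the SP keeps the ID to match the Response's InResponseTo later."""
    rid, now = "_" + secrets.token_hex(16), datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{rid}" '
           f'Version="2.0" IssueInstant="{now}" Destination="{idp_sso_url}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    return xml, rid
def _ts(s):  # SAML timestamps are UTC with a trailing Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))
def process_response(response_xml, outstanding_ids, now=None):
    """Step 4: validate the Response, failing closed, then extract attributes (no signature check here)."""
    now = _ts(now) if isinstance(now, str) else (now or datetime.now(timezone.utc))
    root = ET.fromstring(response_xml)
    if root.attrib.get("InResponseTo") not in outstanding_ids:
        raise ValueError("unsolicited or replayed response")
    outstanding_ids.discard(root.attrib["InResponseTo"])  # request IDs are single-use
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.attrib.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    a = root.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion missing or from an unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    if not (_ts(cond.attrib["NotBefore"]) <= now < _ts(cond.attrib["NotOnOrAfter"])):
        raise ValueError("assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("assertion not addressed to this SP")
    return {at.attrib["Name"]: [v.text for v in at.iterfind("saml:AttributeValue", NS)]
            for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
def authorize(attrs, required_affiliation):
    """Step 5: one local policy; only users carrying the given scoped affiliation are admitted."""
    return required_affiliation in attrs.get("eduPersonScopedAffiliation", [])
def sample_response(request_id):
    """Constructed, unsigned IdP Response with fixed timestamps, for demonstration only."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0" '
            f'InResponseTo="{request_id}" IssueInstant="2013-07-25T10:00:00Z"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status><saml:Assertion ID="_a1" Version="2.0" '
            f'IssueInstant="2013-07-25T10:00:00Z"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><saml:Conditions '
            f'NotBefore="2013-07-25T09:55:00Z" NotOnOrAfter="2013-07-25T10:05:00Z"><saml:AudienceRestriction>'
            f'<saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            '<saml:AttributeStatement><saml:Attribute Name="eduPersonScopedAffiliation"><saml:AttributeValue>'
            'member@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>')
```

Because the request ID is consumed on first use, presenting the same Response a second time is rejected, and a Response whose clock, audience or issuer does not match never reaches the application.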
