KUSANAGI Case

Shibboleth Authentication on nginx - an achievement with little precedent worldwide

Issues before service introduction

  • Viewing password-restricted pages was complicated and inconvenient for users
  • Updating content on restricted pages was done by importing a CSV file, making the update process difficult for administrators
  • Did not want to negatively affect current page loading speed

Effect after service introduction

  • Successfully implemented Shibboleth (Single Sign-On) on password-restricted pages, and users could log in and view pages smoothly
  • The previously cumbersome task of updating password-protected pages became easy
  • Implemented Shibboleth on nginx, a feat with few previous successes worldwide, without hurting site performance

Customer Information

National University Corporation Kanazawa University, Kanazawa University Nano Life Science Institute Administration Office
Kanazawa University Nano Life Science Institute (NanoLSI) was founded in 2017 after the university’s concept was chosen by the Ministry of Education’s World Premier International Research Center Program (WPI).
Using state-of-the-art scanning probe microscope technology, the institute has been able to “see” biological phenomena that have not been seen before, from the creation and growth of life to the mechanisms of diseases such as cancer and of aging, and is advancing research into the mysteries of life.

Contact persons:
Tetsuya Inoshima (Kanazawa University Information Department, Information and Computerization Promotion Section)
Yuri Kadota (Kanazawa University Nano Life Science Institute Administration Office, Public Relations and Business Planning Group)

Development Partner

SIOS
Contact person: Kentaro Morone (Sios Technology, Inc. 2nd Business Group Technology Division 1 OSS & Cloud Integration Group)

Sios Technology, Inc.
Sios Technology offers services centered around open source software such as Linux, including the development, sales and support of software products, developing custom information systems on commission, building system infrastructure, and support.
It has performed integration services, centered on authentication infrastructure, for over 150 universities and higher education institutions thus far.

Target Site

Kanazawa University Nano Life Science Institute

Kanazawa University Nano Life Science Research Institute widely publishes the activities and research results of the Nano Life Research Institute to the university and general public.
However, there were multiple pages that needed to be restricted to on-campus access. This was done using the basic password feature of their CMS (WordPress), but having to set the password regularly was inconvenient.
To fix this situation, they enabled Single Sign-On authentication with their existing on-campus Shibboleth (“Kanazawa University Integrated Authentication System”).

Shibboleth Authentication on nginx – an achievement with little precedent

Maintaining performance was one of the challenges posed by implementing Shibboleth Authentication.

They wanted to keep the KUSANAGI and nginx environment they already had, which solved their page loading issues during grade postings on the official university site. Unfortunately, there were few prior examples of Shibboleth being used on nginx.

To achieve this, the university decided on a joint development project between Sios Technology, with a long track record in authentication system integration, and Prime Strategy, the developer of KUSANAGI.

How single sign-on with Shibboleth works

Challenges with building the site

Implementing Shibboleth on part of a site that was already in use presented a structural challenge.

With WordPress, since images are uploaded to one specific directory, there was a concern that a protected page’s images might be made public if one could not tell which images belong to which page.

In addition, some of the pages for staff were public and some were private.
This problem was solved by creating a new WordPress specifically for authentication, and dividing traffic by URL.

Migrating the operationally complex research library site to WordPress

(Right: Prime Strategy CEO Kengyu Nakamura, Left: Prime Strategy Director, CMO Yachiyo Nishimaki)

The Nano Life Research Institution was also running an “Integrated Research Promotion Library” site using Shibboleth.

They were updating the site by importing CSV files.

Publications were put into a list, without proper categorization or searchability. This posed a problem for both management and usability, so the university decided to migrate this site to WordPress in addition to their Shibboleth project.

A few words from the related parties

Successfully achieved both speedy viewing and an easy-to-use administrator panel (Kanazawa University)

By implementing Shibboleth without changing the current environment, we were able to maintain the site’s high performance level. Now that we are also free of password-related complications, we plan to continue to build out our restricted pages in the future.

In addition, our Integrated Research Promotion Library site is not only easier to update; with features such as document search, user convenience has improved as well.

Integrating Academic Access Management Federation with WordPress – a novel idea (Sios Technology)

Integrating authentication still has many challenges due to the diversity of the field.
Sios Technology has been implementing Academic Access Management Federation and Shibboleth Authentication in many universities.

We see many universities that also manage their own proprietary web content, so when we were offered the opportunity to do authentication with the industry-leading CMS WordPress, we thought it was a great idea. I was glad to be able to take on this challenge myself, and as a result grow and contribute to others as well.

KUSANAGI’s evolution through joint development (Prime Strategy)

Thanks to our client Kanazawa University, whose site we manage, and the cooperation of our partner Sios Technology, we were able to develop KUSANAGI Shibboleth Authentication on nginx. There have not been many successes with this technology in the world yet.

It would not be an exaggeration to say that Shibboleth is the de facto standard Single Sign-On platform for education sites. In the future, we would like to help solve issues for customers who want to use Shibboleth Authentication while maintaining focus on the performance of their site.

(Left: Prime Strategy CEO Kengyu Nakamura, Right: Prime Strategy Director, CMO Yachiyo Nishimaki)

Appendix / Explanation

Shibboleth Authentication

In order to use Single Sign-On with Shibboleth Authentication, it is necessary to have both an IdP (Identity Provider) set up by an Academic Authorization Federation participant (such as a university), and an SP (Service Provider) for the on-campus web service. In the past, setting up an SP was a difficult technical challenge. Even if an IdP was already in place, connecting it to an internal web service required a professional developer.

Shibboleth Authentication can be used by migrating the site to KUSANAGI Business Edition.

KUSANAGI Business Edition

KUSANAGI Business Edition is a business-oriented version of the ultra-fast virtual machine KUSANAGI.
In addition to KUSANAGI’s standard features, it has these additional merits:

  • Module updates from the repository until CentOS7 EOL
  • Operation guarantee for the newest WordPress 5.x versions
  • Compatibility with the newest major instance types
  • Shibboleth authentication (SP) on nginx/Apache

About KUSANAGI

Developed by Prime Strategy, KUSANAGI is an ultra-fast, open source virtual machine that allows CMS to run at world class speeds.

It brings WordPress execution time to under four milliseconds, and enables 1,000 requests/second, even without page caching. With page caching, this increases to over 60,000 requests/second (in both cases, maximum performance with 4 vCPUs).
KUSANAGI is also capable of delivering speeds 10 – 15 times faster than the standard LAMP stack, without page caching.

As of July 2019, KUSANAGI is available in 26 countries and 198 regions, on 28 major platforms internationally, and has had a cumulative 30,000 deployments thus far.

Please check the available cloud platforms.

KUSANAGI features and applicable edition

KUSANAGI editions: Free Edition, Business Edition, Premium Edition

Features:

  • KUSANAGI standard features
  • Updates to all modules from the repository until CentOS7 EOL
  • Operation guarantee for the newest WordPress 5.x versions
  • Shibboleth Authentication SP Module (nginx, Apache)
  • WEXAL® Page Speed Technology ※

※ WEXAL® Page Speed Technology (below, PST) is a speed-tuning engine for web systems. Among the many benefits of PST’s multi-layer optimization of the backend, network and frontend are faster page loading, an improved Google PageSpeed Insights score, and speedy advertisement display. One can expect increased page views and conversion rates as a result of these improvements.
