Index: src/__phutil_library_map__.php
===================================================================
--- src/__phutil_library_map__.php
+++ src/__phutil_library_map__.php
@@ -93,6 +93,7 @@
 'PhutilAuthAdapter' => 'auth/PhutilAuthAdapter.php',
 'PhutilAuthAdapterEmpty' => 'auth/PhutilAuthAdapterEmpty.php',
 'PhutilAuthAdapterLDAP' => 'auth/PhutilAuthAdapterLDAP.php',
+ 'PhutilAuthAdapterShibboleth' => 'auth/PhutilAuthAdapterShibboleth.php',
 'PhutilAuthAdapterOAuth' => 'auth/PhutilAuthAdapterOAuth.php',
 'PhutilAuthAdapterOAuth1' => 'auth/PhutilAuthAdapterOAuth1.php',
 'PhutilAuthAdapterOAuthAmazon' => 'auth/PhutilAuthAdapterOAuthAmazon.php',
@@ -498,6 +499,7 @@
 'PhutilAuthAdapterOAuthJIRA' => 'PhutilAuthAdapterOAuth1',
 'PhutilAuthAdapterOAuthTwitch' => 'PhutilAuthAdapterOAuth',
 'PhutilAuthAdapterOAuthTwitter' => 'PhutilAuthAdapterOAuth1',
+ 'PhutilAuthAdapterShibboleth' => 'PhutilAuthAdapterShibboleth',
 'PhutilAuthAdapterPersona' => 'PhutilAuthAdapter',
 'PhutilAuthException' => 'Exception',
 'PhutilAuthUserAbortedException' => 'PhutilAuthException',
Index: src/auth/PhutilAuthAdapterShibboleth.php
===================================================================
--- /dev/null
+++ src/auth/PhutilAuthAdapterShibboleth.php
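Review bot: In the second hunk the new entry `'PhutilAuthAdapterShibboleth' => 'PhutilAuthAdapterShibboleth',` sits among entries that map each class to its parent (`'PhutilAuthAdapterPersona' => 'PhutilAuthAdapter'`), so it appears to register the class as its own parent. Both new entries are also out of alphabetical order (after `...LDAP`, before `...Persona`), which suggests the map was edited by hand rather than regenerated. The class declaration is not visible on this page, but if the adapter extends `PhutilAuthAdapter` the line should read `'PhutilAuthAdapterShibboleth' => 'PhutilAuthAdapter',`. Regenerating the map with `arc liberate` would correct both the parent and the ordering.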
@@ -0,0 +1,144 @@
+shibSessionIdField = $value;
+ return $this;
+ }
+
+ public function setShibApplicationIdField($value) {
+ $this->shibApplicationIdField = $value;
+ return $this;
+ }
+
+ public function setUseridField($value) {
+ $this->useridField = $value;
+ return $this;
+ }
+
+ public function setUsernameField($value) {
+ $this->usernameField = $value;
+ return $this;
+ }
+
+ public function setRealnameField($value) {
+ $this->realnameField = $value;
+ return $this;
+ }
+
+ public function setEmailField($value) {
+ $this->emailField = $value;
+ return $this;
+ }
+
+ public function setPageURIPattern($value) {
+ $this->pageURIPattern = $value;
+ return $this;
+ }
+
+ public function setImageURIPattern($value) {
+ $this->imageURIPattern = $value;
+ return $this;
+ }
+
+ //
+ // Implementation of PhutilAuthAdapter interface.
+ // User information getters.
+ //
+
+ public function getAccountID() {
+ return $this->userid;
+ }
+
+ public function getAdapterType() {
+ return 'shibboleth';
+ }
+
+ public function getAdapterDomain() {
+ return 'self';
+ }
+
+ public function getAccountEmail() {
+ return $this->email;
+ }
+
+ public function getAccountName() {
+ return $this->username;
+ }
+
+ public function getAccountURI() {
+ if (strlen($this->pageURIPattern)) {
+ return sprintf($this->pageURIPattern, $this->username);
+ }
+ return null;
+ }
+
+ public function getAccountImageURI() {
+ if (strlen($this->imageURIPattern)) {
+ return sprintf($this->imageURIPattern, $this->username);
+ }
+ return null;
+ }
+
+ public function getAccountRealName() {
+ return $this->realname;
+ }
+
+ //
+ // Extraction of user information from request headers.
+ //
+ public function getHeaderNames() {
+ return array(
+ $this->shibSessionIdField,
+ $this->shibApplicationIdField,
+ $this->useridField,
+ $this->usernameField,
+ $this->realnameField,
+ $this->emailField,
+ );
+ }
+
+ public function setUserDataFromRequest($headers) {
+
+ $this->shibSessionId = $headers[$this->shibSessionIdField];
+ $this->shibApplicationId = $headers[$this->shibApplicationIdField];
+ $this->userid = $headers[$this->useridField];
+ $this->username = $headers[$this->usernameField];
+ $this->realname = $headers[$this->realnameField];
+ $this->email = $headers[$this->emailField];
+
+ if (!strlen($this->shibSessionId)
+ || !strlen($this->shibApplicationId)
+ || !strlen($this->userid)
+ || !strlen($this->username)
+ || !strlen($this->realname)
+ || !strlen($this->email)
+ ) {
+ return false;
+ }
+
+ return $this;
+ }
+}
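Review bot: setUserDataFromRequest() stores all six header values on the adapter before checking them, so after it returns false a caller that keeps the object can still read a partial identity through getAccountID() and the other getters. A header that is absent from `$headers` is also indexed directly, which raises an undefined-index notice instead of failing cleanly. I would read the values into locals with `idx()`, reject on the first missing or empty one, and assign the properties only once all six have passed, as sketched below. Separately, every value is taken from the request headers as is, so the adapter is only as trustworthy as the front end's guarantee that these header names can be set solely by the Shibboleth SP and never by the client; the class docblock should state that precondition. The start of the class (declaration and properties) is not visible on this page.

```php
  public function setUserDataFromRequest($headers) {
    $fields = array(
      'shibSessionId' => $this->shibSessionIdField,
      'shibApplicationId' => $this->shibApplicationIdField,
      'userid' => $this->useridField,
      'username' => $this->usernameField,
      'realname' => $this->realnameField,
      'email' => $this->emailField,
    );

    // Collect into locals first so a rejected request leaves no partial
    // identity on the adapter.
    $values = array();
    foreach ($fields as $property => $header) {
      $value = idx($headers, $header);
      if (!is_string($value) || !strlen($value)) {
        return false;
      }
      $values[$property] = $value;
    }

    foreach ($values as $property => $value) {
      $this->$property = $value;
    }

    return $this;
  }
```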