diff --git a/compose/django/Dockerfile.production b/compose/django/Dockerfile.production
index d95f7825a3b83dd65a402b7cbbd229051a6787e3..6a7e8c82bbc858af94d8d5683dbf045369aa40bf 100644
--- a/compose/django/Dockerfile.production
+++ b/compose/django/Dockerfile.production
@@ -22,10 +22,11 @@ WORKDIR /app
 
 # install rdmo and gunicorn
 RUN apt-get update && apt-get install -y --no-install-recommends \
-            python3-pip python3-dev python3-setuptools gcc python3-wheel \
+            python3-pip python3-dev python3-setuptools gcc python3-wheel git \
     && pip3 install rdmo \
     && pip3 install gunicorn \
-    && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel \
+    && pip3 install -r requirements/shibboleth.txt \
+    && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel git\
     && apt-get -y autoremove \
     && rm -rf /var/lib/apt/lists/*
     
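Review bot: `pip3 install -r requirements/shibboleth.txt` is resolved relative to `WORKDIR /app`, and nothing in this hunk copies a `requirements/` directory into the image before the RUN step, so the build fails unless an earlier `COPY` outside the hunk provides it. `git` is presumably added because that file references a VCS URL; if so, that reference should be pinned to a full commit hash so the production image does not follow a moving branch. Minor: `git\` on the `apt-get remove` line is missing the space before the continuation backslash that the other lines have.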
@@ -33,6 +34,7 @@ COPY ./theme /app/theme
 COPY ./locale /app/locale
 
 COPY ./config/production.py /app/config/settings/local.py
+COPY ./config/middleware.py /app/config/middleware.py
 
 # download vendor files
 ENV DJANGO_SECRET_KEY=NOT_SO_SECRET_TEMP_KEY
diff --git a/config/middleware.py b/config/middleware.py
new file mode 100644
index 0000000000000000000000000000000000000000..2217114fa7a433f4965316b38d79ec0eba987623
--- /dev/null
+++ b/config/middleware.py
@@ -0,0 +1,12 @@
+# middleware to use shibboleth with gunicorn, e.g. for apache http-proxy
+
+from shibboleth.middleware import ShibbolethRemoteUserMiddleware
+#from pprint import pprint
+
+class ProxyRemoteUserMiddleware(ShibbolethRemoteUserMiddleware):
+    header = 'HTTP_REMOTE_USER'
+
+#    def process_request(self, request):
+#        pprint(vars(request))
+        
+
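Review bot: `header = 'HTTP_REMOTE_USER'` takes the login identity from a request header, so it is only trustworthy if the front-end proxy strips any client-supplied `Remote-User` / `Remote_User` header and sets it itself, and if gunicorn cannot be reached except through that proxy. The class should carry that contract as a docstring, e.g. `"""Authenticate from the Remote-User header; safe only when the proxy strips this header from client requests and sets it after Shibboleth authentication."""`. The same requirement applies to `HTTP_GIVENNAME`, `HTTP_SN` and `HTTP_MAIL` in `SHIBBOLETH_ATTRIBUTE_MAP` in config/production.py. The commented-out `pprint(vars(request))` lines should be dropped rather than shipped, since enabling them would print full request headers to the log.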
diff --git a/config/production.py b/config/production.py
index 293b36eb56f08dee332bc274ab5ffa2e827e355d..9c1680cc112bcd39e84969fae32892114cf9cd1f 100644
--- a/config/production.py
+++ b/config/production.py
@@ -1,5 +1,6 @@
 import os
 from . import BASE_DIR
+from rdmo.core.settings import INSTALLED_APPS, AUTHENTICATION_BACKENDS, MIDDLEWARE
 
 '''
 Debug mode, don't use this in production
@@ -342,3 +343,33 @@ LOCALE_PATHS = (
     os.path.join(BASE_DIR, 'locale'),
 )
 
+'''
+shibboleth, see https://rdmo.readthedocs.io/en/latest/configuration/authentication/shibboleth.html
+'''
+
+SHIBBOLETH = True
+PROFILE_UPDATE = False
+PROFILE_DELETE = False
+
+INSTALLED_APPS += ['shibboleth']
+
+AUTHENTICATION_BACKENDS.append('shibboleth.backends.ShibbolethRemoteUserBackend')
+MIDDLEWARE.insert(
+    MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1,
+    'shibboleth.middleware.ShibbolethRemoteUserMiddleware'
+)
+MIDDLEWARE.insert(
+    MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 2,
+    'config.middleware.ProxyRemoteUserMiddleware'
+)
+
+SHIBBOLETH_ATTRIBUTE_MAP = {
+    'HTTP_REMOTE_USER': (True, 'username'),
+    'HTTP_GIVENNAME': (True, 'first_name'),
+    'HTTP_SN': (True, 'last_name'),
+    'HTTP_MAIL': (True, 'email'),
+}
+
+LOGIN_URL = '/Shibboleth.sso/Login?target=/projects/'
+LOGOUT_URL = '/Shibboleth.sso/Logout'
+
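Review bot: Both `shibboleth.middleware.ShibbolethRemoteUserMiddleware` and its subclass `config.middleware.ProxyRemoteUserMiddleware` are registered, so every request passes through two remote-user middlewares that read different keys (presumably `REMOTE_USER` for the base class, and `HTTP_REMOTE_USER` for the subclass). If the proxy variant is the intended one, register only it: replace the two `MIDDLEWARE.insert(...)` calls with a single insert of `'config.middleware.ProxyRemoteUserMiddleware'` at `MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1`. A comment above `SHIBBOLETH_ATTRIBUTE_MAP` naming which component sets these headers would help, as would one noting that `AUTHENTICATION_BACKENDS.append` and `MIDDLEWARE.insert` mutate the lists imported from `rdmo.core.settings` in place.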