For IT Pros This page contains information about Shibboleth, SAML2-compliant single sign-on technology that is available to campus IT Professionals for the protection of their online applications and resources. If you are an end-user, please contact your IT Professional with any questions that you may have about this service.
For campus users:
Shibboleth is a web-based system that allows you to log in to campus resources with your NetID and NetID password.
For IT Professionals:
Shibboleth is an open source, community-supported, SAML2-compliant web single sign-on solution. It's the basis of our federated single sign-on solution at the University of Illinois. The use of the SAML2 standard makes it easy to plug into many open source and commercial web applications. Built-in Federation Support makes it ideal when an application needs to be available to users from multiple campuses (or even other institutions).
Shibboleth, as a sign-on technology, is appropriate in the following cases:
While Shibboleth handles authentication (proving the user is who the user claims), each Shibboleth-protected service will need to make its own decisions about authorization (whether that user is one who is permitted to access this service). See the Authorization and Shibboleth page for more information.
To simplify getting started with Shibboleth, Technology Services offers quick start instructions with sample XML files that can be modified to suit your particular needs.
This page guides you through the full download, installation, configuration, and testing process.
Customized configurations can include:
In an Urbana campus-specific configuration, the service administrator wants to provide access to students, faculty, and staff at only the Urbana campus.
In the University-wide configuration, the service administrator wants to provide access to students, faculty, and staff at any or all of the three University of Illinois campuses, based on one or multiple group or role identities.
In the multi-university configuration, the service administrator wants to provide access to students, faculty, and staff at any of the three University of Illinois campuses as well as students, faculty, and staff at a hypothetical partner University.
This page discusses how to configure Shibboleth for "multiple sign-out," also known as IDP sign-out, so that users who sign out of one Shibboleth-authenticated tab won't lose unsaved work in a different Shibboleth-authenticated tab.
The Shibboleth Project Wiki is an excellent resource for configuration and troubleshooting.
If you can't find what you need in other resources, you're welcome to email the Shibboleth service managers at firstname.lastname@example.org. The Shibboleth community can help when Technology Services can't. For more information, see Subscribe to the Shibboleth Users list below.
The Shibboleth service managers will try to advise SP operators of important Shibboleth changes through the UIUC Shibboleth Announce list. Anyone who's an SP administrator in the I-Trust federation registry from the Urbana campus will be added to this list automatically. Others are welcome to subscribe as well.
To sign up, send an email to email@example.com with the text: subscribe shibboleth-announce in the message body.
In addition to the UIUC Shibboleth Announce list, we also recommend you subscribe to the worldwide Shibboleth Announcements mailing list to learn of advisories directly from the Shibboleth Project Team. In addition to the announcement list, there are also lists for general discussion and questions about Shibboleth project development.
For information on subscribing to these mailing lists, see the worldwide Shibboleth Community Mailing Lists page.