Shibboleth for UW Web Applications

Overview

The Shibboleth® system provides web authentication services based on industry standards for federated single sign-on between organizations. It is based on the SAML (Security Assertion Markup Language) standard published by OASIS (Organization for the Advancement of Structured Information Standards).

Purpose

Shibboleth provides the UW community with a standards-based solution for UW users to access internal and external web applications and for external users to access UW web applications. Capabilities include support for authentication, user attribute assertions, authorization, privacy, and federations.

Components

• UW Shibboleth Identity Provider (IdP): a service that enables standards-based federation and web single sign-on (web SSO) with service providers for the UW community.
• Shibboleth Service Provider (SP): software for service providers that enables web applications to integrate with the UW Shibboleth IdP for UW NetID authentication and other user profile information.
• The functions and interactions of the architecture components are illustrated in UW Identity Provider Single Sign-on Conceptual Architecture.

Support

• Shibboleth Service Provider - how you can install, configure, and use Shibboleth SP software
• Contact iam-support@uw.edu for help getting started with Shibboleth

InCommon Federation

The UW is a member of the InCommon™ Federation, which links US universities and service providers to provide interoperable authentication for a wide variety of web-based applications. As an InCommon participant, the UW publishes a statement about its operational practices related to identity management.

• InCommon Operational Practices Statement (MS Word; 72KB)
• University of Washington IdP (links to descriptive user interface info UW provides to InCommon)

Examples

• Shibboleth and Federation Spotlights

External References

• Shibboleth Consortium
• InCommon Federation
• US E-Authentication Initiative
• OASIS SAML technical committee