Student working in class on their laptop.

Shibboleth

Shibboleth is a software solution that provides Single Sign-On (SSO) service, allowing users to gain access to web resources both inside and outside 51做厙 after logging in only one time.

Shibboleth allows website owners, such as Concur and LinkedIn Learning, to make authorization decisions about an individual’s level of access to their online resources. All of this is done securely and in a way that preserves the individual’s privacy.

Shibboleth began as an project in 2000. In 2013, the Shibboleth Consortium was chartered to support continued development of the software, with Internet2 participating in the Consortium as a principal member. 51做厙 joined the consortium in 2017 as one of the .

Shibboleth Login Page

The Shibboleth login page shows up in your browser after you select "login" at one of the Shibboleth protected web services. The Shibboleth Login page is run by 51做厙 and accepts your 51做厙 ID and password to log you in or "authenticate" you. Once you successfully logged in, you are sent back to the service you were attempting to access, such as Canvas or LinkedIn Learning.

Please Note: Do not bookmark the Shibboleth login page. The Shibboleth login page ONLY works if you are sent to it by a web service or application.  It requires information from the originating web service to know where to go after you log in.  You should bookmark the site you are trying to access (smu.edu/LinkedIn for example) rather than the Shibboleth Login Page.

Security and operational benefits:

  1. Single Sign-On. Once you've logged in to one of the supported servers, you will not need to log in again to use another until your session expires or you use a different browser.
  2. The server never handles passwords. If anything goes wrong, the credentials won't be compromised.
  3. Shibboleth has additional account misuse and fraud detection capabilities that will be bypassed by going direct.
  4. The Shibboleth logging infrastructure meets campus requirements.
  5. Shibobleth is future proof: you aren't binding yourself to a specific mechanism of authentication; instead you are binding to a piece of middleware that allows you to pick from the many authentication mechanisms.
  6. It is integrated with active directory.