Division of IT: Security

Shibboleth Service

What is Shibboleth?

Shibboleth is an open source, standards-based single sign on authentication service for the web. It also allows sites to make informed authorization decisions for individual access to protected resources.

Applications that require authentication, whether internal or a vended application sponsored by a University department, should consider using Shibboleth because it:

  • Allows users to login with their University Active Directory (AD) credentials without the application needing to validate the username and password.
  • Eliminates the need for a separate ID and password.
  • Resolves security issues regarding the sharing of credentials with a third party.
  • Facilitates authorization decisions without needing to maintain a user list.
  • Allows the resource to accept credentials from Identity Providers other than the University of Missouri.

Shibboleth consists of two primary pieces: an Identity Provider (IdP) and a Service Provider (SP). There is one IdP system-wide for the University of Missouri, operated by the Division of IT. SPs are operated by the individual application or resource owner. SPs can be University of Missouri applications or an external third party service. An SP may also request to receive attributes describing the authenticated user.

The University of Missouri is also a member of the InCommon Federation, a U.S. education and research community-focused organization which provides for trustworthy, shared management of access to online resources. Our membership in the InCommon federation allows us to more easily share access to protected online resources with other members of the federation without creating multiple usernames and passwords.