There are two major components to the Shibboleth system:
When a Subject attempts to access an on-line service, the Service Provider redirects the Subject to the campus Identity Provider managing the Subject's Credentials. The Subject then authenticates with his or her campus Credential. After a successful authentication, the campus Identity Provider passes back to the Service Provider a minimal set of identity information about the Subject. The Service Provider uses the identity information to determine whether or not the Subject is authorized to access the resource.
Shibboleth leverages the organization's existing identity and access management system, so that the Subject's relationship with the institution determines access rights to services that are hosted both on- and off-campus.
At Texas A&M, Shibboleth is used with CAS as a Single SignOn service. When Shibboleth must perform an authentication, CAS is called. If the customer has an existing CAS session active, they will not be prompted for their NetID credential. The strengths of the CAS service for NetID and password management continue to be used for all Shibboleth-enabled services.
For more information on how Shibboleth works, the SWITCH Federation site offers a series of technical explanations from easy to expert.
Universities, companies and government agencies are increasingly conducting business and collaborating via online resources. It is common for users to access online resources both inside and outside their organizations to do their work. In the past, each of these services required its own ID and password. For the user, that meant another login ID and password to remember. For the institution, managing these edge-population accounts was labor- and time-intensive.
Shibboleth was developed specifically to address the challenges of:
Shibboleth is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows online resources to make informed authorization decisions for individual access in a privacy-preserving manner.
For more information on Shibboleth, please visit the official Shibboleth site.