The information in this article is intended for technical staff who create, maintain, and support applications that require authentication. Most Cornell faculty, staff, and students do not need this information.
Cornell is a member of the InCommon Federation, which is a group of 400+ higher education institutions (including Cornell, Columbia, Stanford, Ohio State, and many others) and service providers (including Microsoft, EBSCO, OCLC, and JSTOR) that trust each other's authentication systems (NetIDs).
If you have an application that you would like to open up for login to users from other institutions, you could protect the application with the Shibboleth service provider instead of CUWebAuth.
GuestIDs cannot be used to authenticate via Shibboleth. NetIDs and Sponsored NetIDs can be granted access via Shibboleth. Weill Cornell maintains its own, separate Shibboleth identity provider.
Shibboleth Single Sign-On (SSO) is often used at Cornell by applications that are running at off-campus locations by the vendor. Some examples are Remedy and Box.com. If you want Shibboleth integration with a vendor application, complete the Request Form.
More information about installing and using a Shibboleth service provider