Cornell University

Shibboleth

The information in this article is intended for technical staff who create, maintain, and support applications that require authentication. Most Cornell faculty, students, and staff do not need this information.

Shibboleth Identity Provider (IdP) is an open-source implementation of web single sign-on using the SAML protocol. Shibboleth allows you to enable access to your site for users from other institutions that are members of the InCommon Federation. You can restrict access to include only certain members of InCommon and/or people at member institutions who have certain attributes (for example, faculty, student).

Cornell is a member of the InCommon Federation, a group of more than 1,000 higher education institutions (for example, Cornell, Columbia, Stanford, Ohio State) and service providers (for example, Microsoft, EBSCO, OCLC, JSTOR) that trust each other's authentication systems. Visit the InCommon Federation site for more information and a list of participating organizations.

Administrators will probably not need to set up a Shibboleth Identity Provider, but will be using the CIT-maintained Identity Provider (and possibly others) to authenticate users. Note, however, that Weill Cornell Medicine maintains its own separate Shibboleth Identity Provider.

Security Assertion Markup Language (SAML) is also a popular method for enabling cloud vendor sites to authenticate and authorize Cornell users. Some examples are Workday and Box.com. Integrators outside of InCommon who would like to make use of Cornell's Identity Provider may point to the test IdP first and work through any initial issues. When you are ready to move your integration into production, submit a request to start the production integration process. Cornell Information Technologies requires that any new Service Provider include a certificate for encryption in the metadata.
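A pre-submission check for the encryption-certificate requirement above, as an added example that is not Cornell's or the Shibboleth project's own code. The entity IDs and certificate bodies in the sample are constructed placeholders. The check relies on the SAML metadata rule that a `KeyDescriptor` without a `use` attribute applies to both signing and encryption.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: one SP with a signing-only key, one with a dual-use key.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:EntityDescriptor entityID="https://signing-only.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
   </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://ok.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
   </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def encryption_certs(metadata_xml):
    """Map each SP entityID to its number of encryption-capable certificates."""
    root = ET.fromstring(metadata_xml)
    # Accept a single EntityDescriptor or an EntitiesDescriptor wrapper.
    single = root.tag == "{%s}EntityDescriptor" % MD
    entities = [root] if single else root.findall(".//md:EntityDescriptor", NS)
    result = {}
    for entity in entities:
        if entity.find("md:SPSSODescriptor", NS) is None:
            continue  # not a Service Provider role (for example, an IdP entry)
        count = 0
        for kd in entity.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
            if kd.get("use") not in (None, "encryption"):
                continue  # signing-only key does not satisfy the requirement
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and (cert.text or "").strip():
                count += 1
        result[entity.get("entityID")] = count
    return result

def missing_encryption(metadata_xml):
    """Return the sorted entityIDs of SPs that publish no encryption certificate."""
    return sorted(e for e, n in encryption_certs(metadata_xml).items() if n == 0)

if __name__ == "__main__":
    print("SPs lacking an encryption certificate:", missing_encryption(SAMPLE))
```

Run it against your own SP metadata file before submitting the integration request; it checks only that a certificate element is present, not that the certificate is valid or unexpired.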

Technical staff interested in learning more about how Shibboleth is used at Cornell should visit the Confluence Shibboleth site.