Services
Printer-friendly version

Federation via Shibboleth

Shibboleth (aka Shib) provides NetID authentication and Single-Sign-On services for web and cloud-based applications.  It implements the Security Assertion Markup Language (SAML 2.0), an industry standard means of authenticating and authorizing user access.

When a system at Yale has been configured to use Shib, it also takes advantage of CAS, meaning that users will login to your application using CAS.

Shib-enabled applications can receive as part of the SAML assertion additional attributes (if approved) about a person, such as name, email address or group membership.  This allows an application to avoid making a separate call to an identity source (such as Yale's Identity Data Repository) to lookup information about the user, or to make an authorization decision, such as requiring a user be affiliated as a Student at Yale.  

Shib also enables federation with other universities and organizations.  When established, Yale users can login to other institutions using their NetID and Password via the familiar CAS login pages they are familiar with.  Federation also allows users at other institutions to access Yale resources (when authorized) using their local credentials.  

 

Who can use it?

Application developers.

How much does it cost?

There is no cost for using this service.

How do I get it?

Your system must be capable of accepting SAML 2.0 assertions.  Specific instructions on how to configure your system to do so will vary.

In order to use Shib, a trust relationship between Yale's Shib servers and your site must be established.  As part of establishing this relationship, you can request additional attributes about the NetID.

Contact the INF Identity and Access Management team at identity.management@yale.edu or via ServiceNow.

 

Where can I get help?

Contact INF Identity and Access Management at identity.management@yale.edu or via ServiceNow.

Federation via Shibboleth

Short title: 
Federation via Shibboleth
Icon class: 
icon-cloud
Short description: 

Shibboleth provides federated NetID authentication and Single-Sign-On for web and cloud-based services.

Shibboleth (aka Shib) provides NetID authentication and Single-Sign-On services for web and cloud-based applications.  It implements the Security Assertion Markup Language (SAML 2.0), an industry standard means of authenticating and authorizing user access.

When a system at Yale has been configured to use Shib, it also takes advantage of CAS, meaning that users will login to your application using CAS.

Shib-enabled applications can receive as part of the SAML assertion additional attributes (if approved) about a person, such as name, email address or group membership.  This allows an application to avoid making a separate call to an identity source (such as Yale's Identity Data Repository) to lookup information about the user, or to make an authorization decision, such as requiring a user be affiliated as a Student at Yale.  

Shib also enables federation with other universities and organizations.  When established, Yale users can login to other institutions using their NetID and Password via the familiar CAS login pages they are familiar with.  Federation also allows users at other institutions to access Yale resources (when authorized) using their local credentials.  

 

Who can use it?: 

Application developers.

How much does it cost?: 

There is no cost for using this service.

How do I get it?: 

Your system must be capable of accepting SAML 2.0 assertions.  Specific instructions on how to configure your system to do so will vary.

In order to use Shib, a trust relationship between Yale's Shib servers and your site must be established.  As part of establishing this relationship, you can request additional attributes about the NetID.

Contact the INF Identity and Access Management team at identity.management@yale.edu or via ServiceNow.

 

Where can I get help?: 

Contact INF Identity and Access Management at identity.management@yale.edu or via ServiceNow.