Shibboleth for Federated Authentication and Authorization

Shibboleth is the only authentication method Northwestern Information Technology (IT) officially supports for NetID-based authentication to applications/web sites hosted outside of the University. External partners must join the InCommon federation in addition to implementing the Shibboleth Service Provider (SP) software. Vendors/partners may also choose to implement a compatible commercial package that supports SAML-based federation. See the list of InCommon Federation Entities

The Shibboleth federated authentication and authorization system is designed to allow Northwestern University faculty, staff and students to log in to externally-hosted systems with their Northwestern NetIDs. Schools and departments should consider using Shibboleth when they are licensing an application that will be hosted at a vendor's web site. Many government and research-oriented web sites also use Shibboleth authentication. Request access to Shibboleth via the Request Access Form.

In addition to authentication, Shibboleth can also pass user attribute data to the external application.These attributes are used by the external application to discriminate between different types of users (e.g., students vs. faculty) and automate the process of building a local profile (e.g., name, email address). Any release of data must be approved by the University department responsible for that data - generally Human Resources (faculty/staff data) or the Office of the Registrar (student data).




Was this helpful?
0 reviews
Print Article


Article ID: 1913
Fri 7/29/22 7:24 AM
Thu 9/21/23 10:58 AM

Related Services / Offerings (1)

Northwestern offers many ways to help your IT system authenticate or authorize users. This includes Active Directory, LDAP, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Shibboleth, SAML, and others.