Shibboleth is the only authentication method Northwestern Information Technology (IT) officially supports for NetID-based authentication to applications/web sites hosted outside of the University. External partners must join the InCommon federation in addition to implementing the Shibboleth Service Provider (SP) software. Vendors/partners may also choose to implement a compatible commercial package that supports SAML-based federation. See the list of InCommon Federation Entities
The Shibboleth federated authentication and authorization system is designed to allow Northwestern University faculty, staff and students to log in to externally-hosted systems with their Northwestern NetIDs. Schools and departments should consider using Shibboleth when they are licensing an application that will be hosted at a vendor's web site. Many government and research-oriented web sites also use Shibboleth authentication. Request access to Shibboleth via the Request Access Form.
In addition to authentication, Shibboleth can also pass user attribute data to the external application.These attributes are used by the external application to discriminate between different types of users (e.g., students vs. faculty) and automate the process of building a local profile (e.g., name, email address). Any release of data must be approved by the University department responsible for that data - generally Human Resources (faculty/staff data) or the Office of the Registrar (student data).
Your feedback on this article is welcome, and we review comments regularly. However, if you have an issue or question requiring immediate attention or want to discuss your feedback on this article, please get in touch with the Northwestern IT Service Desk at 847-49
1-4357 (1-HELP) or
consultant@northwestern.edu.