Shibboleth is a method for distributed authentication and authorization for web applications and web services. The web services in question are services of SLUB Dresden, such as the user account, room booking or DBoD. In addition, Shibboleth enables the use of many of our licensed offerings, including Springer, Elsevier and De Gruyter.
The concept is that users only have to authenticate themselves once in order to access services or licensed content from different providers from anywhere. This behavior is known as single sign-on (SSO).
To make their online offerings available, the providers require information for assigning or checking authorizations. Users must agree to the transmission of this information. To keep the amount of data shared to a minimum, in most cases only the user number and the affiliation are transmitted.
A relationship of trust between the participants is a prerequisite for this kind of distributed access across different parties. In Germany, the DFN association organizes the legal framework and provides the necessary infrastructure. The result is the DFN-AAI federation.
Because the DFN provides this framework and infrastructure, Shibboleth is already very common in the scientific environment. More and more content providers recognize the advantages and support this form of access.
Shibboleth is based on an extension of the SAML standard. Three components are used in this process:
- Identity Provider (IdP): Located at the home institution. This is where the login information is entered.
- Service Provider (SP): It resides with the provider and manages access.
- Location Service or Discovery Service: In most cases, the user must tell the provider which home institution he/she belongs to before access is granted. Once this is done, the user is forwarded to the IdP.