ISS has launched the latest in single sign on technology for use accessing internal and external resources.
Shibboleth is an open source implementation of federated Web Single Sign On (SSO), developed by Internet2. It is a technology deployed on web servers to allow users from multiple institutions to access protected resources. It has been chosen by the UK funding body as the next generation of access control mechanism for use in academia. It will replace Athens by the end of 2008, it allows for much richer use case than Athens allowed.
It allows users within Newcastle University to restrict access to their web content based on user ID. Shibboleth allows recognition of user IDs from different institutions, allowing collaboration and team working at an inter-institutional level.
To see Shibboleth in action, view the Shibboleth Example (have your login details ready).
The Shibboleth service is available to groups within the University, or the larger world wide academic community with a strong Newcastle University presence. Participating member institutions must also be able to deploy Shibboleth identity management or be able to sign up with an external provider of Shibboleth identity. An example of an external identity provider is Protect Network. The procedure and implications of this can be discussed in advance of setup by emailing webmaster@ncl.ac.uk.
Shibboleth is a flexible solution and can be used in many situations. It can be used to create targeted web forms for user surveys where you only want a group of users to participate. It can be used for collaborative projects where you want participants from outside Newcastle to have access. It is readily applicable to many existing applications and is being used with the email list service, the wiki service, the computer science coursework system and many existing web forms.
The Shibboleth service is available on Apache httpd and IIS based web servers. It can also work with Java, Python, and Ruby based servers via a connector from a Shibbolised Apache httpd server.
Shibboleth enables developers to concentrate on writing applications rather than dealing with access control and security, since Shibboleth login occurs on a login server, the application developer does not have to worry about the security of the login process, as it is handled elsewhere. Shibboleth also gives the web developer access to details about the user; such as username and email address.
The Shibboleth service is maintained by the ISS Web Team who can be contacted by emailing webmaster@ncl.ac.uk
You can request Shibboleth for your site by emailing webmaster@ncl.ac.uk, providing reasons for your request and a list of users to be allowed access, as described on the registration page.
We have a guide for setting up shibboleth on Apache httpd and IIS