The Shibboleth® System is a standards-based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access to protected online resources in a privacy-preserving manner.

The Shibboleth software implements widely used federated identity standards, principally OASIS' Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the attributes released to each application. Using Shibboleth-enabled access simplifies management of identity and permissions for organizations supporting users and applications. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License.

Why Shibboleth?

More and more, universities, companies and government agencies offer services and collaborate online. Users typically access both online resources inside and outside their organizations to do their work. In the past, each of these services required its own ID and password and, for the user, that meant adding another set of credentials to that collection of sticky notes. For the institution, closing the security holes and just keeping up with the access changes for the services on and off campus was quite a challenge.

Shibboleth Single Sign-on and Federating Software was developed specifically to address the challenges of:

  • multiple passwords required for multiple applications
  • scaling the account management of multiple applications
  • security issues associated with accessing third-party services
  • privacy
  • interoperability within and across organizational boundaries
  • enabling institutions to choose their authentication technology
  • enabling service providers to control access to their resources.

An individual uses his or her campus login and password to access resources offered by the institution and provider organizations. And campus IT shops can use their authentication technology of choice - Shibboleth sits on top and provides the web single sign-on functionality.

What is Shibboleth and how does it work?

A user authenticates with his or her organizational credentials. The organization (or identity provider) passes only the minimal identity information necessary to the service provider to enable an authorization decision.
There are two primary parts to the Shibboleth system:

  1. Identity Provider - the software run by an organization with users wishing to access a restricted service;
  2. Service Provider - the software run by the provider managing the restricted service.

Shibboleth leverages the organization’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on- and off-campus. For a series of technical explanations of how Shibboleth works, from easy to expert, refer to the SWITCH Federation site.

Implementation Options

  • Organizational Single Sign-on System - Shibboleth is growing in popularity as a web single sign-on system, able to address both on- and off-campus web authentication.
  • Controlled Information Release - In addition to providing single sign-on functionality, Shibboleth can help control access to either campus-based or licensed resources. Working with your identity management systems, Shibboleth will release the information your service partners need to authorize actions or customize the user’s experience. This reduces the need for developers to have access to the directory and instead provides fresh data, just-in-time. This can be implemented on- and off-site.
  • Federated Access
  • Virtual Identity Provider - An organization can manage virtual versions of identity provider software for other institutions. One installation can act as if it is supporting multiple organizations. From the end-user perspective, it looks as if their schools are hosting the software.
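The two ideas above, the identity provider passing only the minimal information a service provider needs and the service provider making its own authorization decision on what it receives, are easier to see in a small model. The following is an added teaching example, not Shibboleth code and not one of its configuration formats. The users, service provider entity IDs and release rules are constructed for the example; the attribute names follow the eduPerson schema commonly used with Shibboleth, which is an assumption rather than anything stated on this page.

```python
"""Illustrative model of IdP attribute release and SP authorization.

Added example, not Shibboleth code. Users, SP entity IDs and policies are
constructed; attribute names assume the eduPerson schema.
"""
from typing import Dict, Set, Tuple

Attributes = Dict[str, Set[str]]

# Constructed identity store behind the identity provider (IdP).
IDP_DIRECTORY: Dict[str, Attributes] = {
    "alice": {
        "uid": {"alice"},
        "mail": {"alice@example.edu"},
        "displayName": {"Alice Example"},
        "eduPersonAffiliation": {"member", "student"},
        "eduPersonScopedAffiliation": {"member@example.edu", "student@example.edu"},
    },
    "bob": {
        "uid": {"bob"},
        "mail": {"bob@example.edu"},
        "displayName": {"Bob Example"},
        "eduPersonAffiliation": {"alum"},
        "eduPersonScopedAffiliation": {"alum@example.edu"},
    },
}

# Constructed service provider (SP) entity IDs.
LIBRARY_SP = "https://library.example.edu/shibboleth"
WIKI_SP = "https://wiki.example.edu/shibboleth"

# IdP release policy: which attributes each SP may receive. Deny by default:
# an SP with no entry receives nothing. A licensed resource only needs to know
# the user's affiliation, not who the user is; an on-campus wiki may need more.
RELEASE_POLICY: Dict[str, Set[str]] = {
    LIBRARY_SP: {"eduPersonScopedAffiliation"},
    WIKI_SP: {"uid", "mail", "displayName", "eduPersonAffiliation"},
}

# SP-side access rules: every listed attribute must carry at least one
# accepted value, otherwise access is denied.
SP_ACCESS_RULES: Dict[str, Dict[str, Set[str]]] = {
    LIBRARY_SP: {"eduPersonScopedAffiliation": {"student@example.edu", "staff@example.edu"}},
    WIKI_SP: {"eduPersonAffiliation": {"member"}},
}


def idp_release(user_id: str, sp_entity_id: str) -> Attributes:
    """Return only the subset of the user's attributes the policy allows for this SP."""
    user = IDP_DIRECTORY.get(user_id)
    if user is None:  # unknown user: authentication failed, nothing is released
        return {}
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    return {name: set(values) for name, values in user.items() if name in allowed}


def sp_authorize(sp_entity_id: str, attributes: Attributes) -> bool:
    """Authorization decision made by the SP using only the released attributes."""
    rule = SP_ACCESS_RULES.get(sp_entity_id)
    if rule is None:
        return False
    for attr_name, accepted in rule.items():
        values = attributes.get(attr_name, set())
        if not values & accepted:  # attribute missing or no accepted value: deny
            return False
    return True


def single_sign_on(user_id: str, sp_entity_id: str) -> Tuple[bool, Attributes]:
    """Simulate one access: authenticate at the IdP, release, then decide at the SP.

    Returns (granted, released_attributes) so the caller can see both the
    decision and exactly what crossed the organizational boundary.
    """
    released = idp_release(user_id, sp_entity_id)
    return sp_authorize(sp_entity_id, released), released


if __name__ == "__main__":
    cases = [("alice", LIBRARY_SP), ("bob", LIBRARY_SP), ("alice", WIKI_SP),
             ("bob", WIKI_SP), ("alice", "https://unknown.example.org/shibboleth")]
    for user, sp in cases:
        granted, released = single_sign_on(user, sp)
        print(f"{user:6} -> {sp}: {'allow' if granted else 'deny':5} released={sorted(released)}")
```

The point of keeping the release policy and the access rule in separate tables is the division of responsibility the page describes: the identity provider decides what leaves the organization (and defaults to releasing nothing to a partner it has no rule for), while the service provider decides what is enough to grant access. The library case shows that a licensed resource can authorize a student without ever learning her name or e-mail address.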
Additional Information

For additional information tailored to specific audiences, refer to the Info Centers.

Copyright 2009 Internet2