Shibboleth

What Is It?

Single Sign-On (SSO) is an authentication method that allows users to log in with a single ID and password to any of several related, yet independent, software systems. Technology Solutions' primary SSO option is Shibboleth.

Other Service Names

Single Sign-On (SSO)

Features

Bluestem

Bluestem was once the primary single sign-on authentication method supported at UIC. Only UIC users can authenticate via Bluestem. The Bluestem system is no longer available for new requests as Technology Solutions works to transition to a modern, standards-based authentication method.

Technology Solutions provides Bluestem protection for websites hosted on the webhost.uic.edu and people.uic.edu web servers, covering files, PHP programs, and CGI scripts. However, you may have data that requires extra-special protection (e.g. financial or medical), or you may want to run a web application (e.g. a database) or write in a language for which these main servers are not adequate.

Shibboleth Framework

Shibboleth is a federated identity framework that allows applications to connect to various authentication services on the Internet, including UIC's Bluestem. The Shibboleth Identity Provider is centrally maintained to provide SAML-compliant authentication services. These services limit the reuse of user credentials across multiple services and the exposure of those credentials to them.

Shibboleth can be used to give any organization on the Internet that supports SAML access to your application. Conversely, it can also be used to let UIC users access, with their UIC credentials, third-party applications that support SAML.

Requirements

If a user is capable of running their own web server (i.e. provide a physically secure room, maintain security patches, manage user accounts, run backups, install and troubleshoot software, and keep and inspect logs, or use a Technology Solutions Virtual Machine), they can make their web server into a Shibboleth Client application server or Bluestem Client. This will allow the user's web scripts to authenticate users, using their normal UIC NetID and password, in a very secure manner.

Bluestem on people and webhost

  • Requires the creation of an allowed.NetID file in the directory you want to protect.

Bluestem on a custom server

  • You must run an SSL-capable web server. Apache and IIS are fine. The web server must also be configured to run CGI scripts.
  • You must obtain an SSL certificate.
  • You must be able to maintain your server, providing all the functions that a good system administrator would provide.

Shibboleth Requirements

When one uses an online service, there are two primary actions associated with access:

  1. Authentication verifies who you are and is the act of ensuring that the person with the credential (login id for example) is the same person that the organization has on file as having permission to use that credential. The verification is done using a password or some other mechanism.
  2. Authorization is about what you can do and is the act of granting access to the authenticated individual based on role, organizational affiliation, and the like.

If a cloud service requires authentication to UIC Active Directory, a UIC employee needs to request Shibboleth integration to authenticate UIC users and grant access. It is preferred that the third-party application be registered with the InCommon Federation to prevent disruptions when the identity provider information changes.

Shibboleth, A Project of the Internet2 Middleware Initiative

Who Is Eligible To Use It?

  • IT Pros

Where Can I Get It?

Select the Request Shibboleth button on this page.

How Do I Use It?

Learn how to restrict access to websites using Bluestem at UIC.

How is Shibboleth used at UIC?

How Much Does It Cost?

This service is funded by the University; there are no direct costs to clients.

How Can I Get Support?

If you are experiencing a problem with this service, please report it. If you just have a question, feel free to ask us.

Service Levels

Service Request Fulfillment Time: 4 business days
Incident Resolution Time: 4 business days
Service Availability: 24x7
Maintenance Window(s): Approved Technology Solutions maintenance window(s)
Service Notification Channel(s): IT Service Notices
 

Details

Service Offering Id: 63
Created: Fri 6/24/22 3:28 PM
Modified: Fri 6/24/22 3:28 PM
Audience: IT Pro