Shibboleth
Shibboleth was developed as a common identity provider and service provider platform for higher education to help enable applications to take advantage of single-sign-on and a consistent user identity.
There are two major components to a Shibboleth system:
- Identity Provider - the software run by a university or other organization with users wishing to access a service
- Service Provider - the software run by the provider managing the restricted service
At Texas A&M, Shibboleth is used with CAS as a Single-Sign-On service. When Shibboleth must perform an authentication, CAS is called. If the customer has an existing CAS session active, they will not be prompted for their NetID credential.
For more information on how Shibboleth works, the SWITCH Federation site offers a series of technical explanations from easy to expert.
Requesting a Shibboleth Integration
Shibboleth utilizes a registry. Your application must be registered with Shibboleth or it will not respond to any requests made by the application.
Shibboleth authentication is considered a legacy platform and should not be used for new production systems & services. To improve security and streamline access management, we are deprecating legacy platforms like Shibboleth and will only allow SAML or OpenID Connect (OIDC) via Microsoft Entra ID going forward.
To register your application, send an email with the following information to identity@tamu.edu:
- Application URL
- Application Type: Production or Development
- Technical Contact: Name & Email Address (The technical contact must be an active staff employee of Texas A&M.)