What is Shibboleth Single Sign-on (SSO)?

Overview

Many UO services rely on your Duck ID username and password to allow access.

This article is about the software that makes that possible.

Information

How can I tell if a website or service is using single sign-on?

You may not realize it, but you're probably already familiar with the single sign-on login screen!

It's the login screen you experience when accessing Canvas, Zoom, Concur, and many others services. They have this look and feel to their login:

The Shibboleth SSO login screen shows three sections vertically; a green bar at the top that reads University of Oregon, followed by a yellow bar that reads Login Required, followed a white page by instructions to login with your Duck ID and password

How does single sign-on work?

Behind the scenes, these integrated services rely on software called Shibboleth to verify your identity. 

The Shibboleth application is what asks for your Duck ID and password, and then it partners with your web browser (like Chrome or Firefox) to provide access into other Shibboleth-enabled services without asking you to re-enter your Duck ID and password again.

That's why you can login to one service in your browser, and then open a different single sign-on service in a new tab only to find it is already signed in as you!

Because you are able to sign in once and then access multiple services, this process is referred to as single sign-on.

Is single sign-on safe?

Yes, but it is important to protect your credentials and not be fooled into providing them to an impostor website. 

When using single sign-on, the address bar of your web browser will begin with, “https://shibboleth.uoregon.edu/”.

You can further validate the legitimacy of the page by ensuring the SSL Server Certificate for the site matches the following:

  • Issued To
    • Common Name: uoregon.edu
    • Organization: University of Oregon
    • Organizational Unit: Information Services (IS)
  • Issued By
    • Common Name: InCommon RSA Server CA
    • Organization: Internet2
    • Organizational Unit: InCommon

How do I learn more about my Duck ID?

To learn more about your Duck ID, please visit the Duck ID articles. If you would like to change your Duck ID Password, please look at the Change or Reset Your Duck ID Password article.

How do I report a single sign-on problem?

If you're having trouble signing into a service, it could be a problem either with your account or with the service itself.

To report a login problem or issue with your Duck ID, please contact the Technology Service Desk.

 

Details

Article ID: 52631
Created
Wed 4/25/18 12:00 PM
Modified
Thu 11/3/22 5:09 PM