Skip to Services content

Single Sign-On (SSO), Shibboleth or Central Authentication Service (CAS)

Service Description

Shibboleth provides user authentication services for applications and a single sign-on experience for end users. The UO's Shibboleth Identity Provider (IdP) solution is maintained by Information Services and supports both Shibboleth and CAS integrations. Once you configure your application as a Shibboleth Service Provider (SP), your end users can authenticate using their Duck ID username and password. In some cases, third-party, cloud-based solutions can also be integrated with the Shibboleth IdP.

Click on the Request Help button for assistance with a new integration, to report problems with an existing integration or to request changes to an existing integration.

Available To

Current faculty and staff.

Requirements

The requestor provides the SP’s InCommon registered Entity ID or the metadata for their SP. They will configure the SP to rely on one of the following IdP InCommon registered Entity IDs or download and configure the metadata manually.

Prod IdP Entity ID: https://shibboleth.uoregon.edu/idp/shibboleth

Test IdP Entity ID: https://shibboleth-test.uoregon.edu/idp/shibboleth

The IdP includes both a Production and Test instance. Start by requesting integration between your SP and the Test IdP. Please include the Duck IDs of all team resources that will be testing your SP against the Test IdP. After successful testing, request integration between your SP and the Prod IdP.

When submitting your integration request, you will be able to select the unrestricted attributes you want the IdP to release alongside the assertion. To request access to restricted attributes, please download, print and fill out the "Shibboleth Attribute Request Form". Complete Page 1 and sign and date Page 2. Data Steward Approval on the bottom of Page 2 should be left blank. Please send the form via campus mail to Noreen Hogan in Information Services.

Accessing the Service

For technical information regarding application integration with Shibboleth, please refer to the following articles: 

Shibboleth Application Integration Instructions

Shibboleth Wiki

For information regarding the campus population and available data elements, please refer to the following article: 

Duck ID Eligibility and Technology Access Rule

Documentation

For more information, please see Internet2's Shibboleth site.

Support Contact

For support with this service, click on the Request Help button on this page.

Service Levels

This is a 24x7 service. The maintenance window is Tuesday morning from 5am to 7am.

Service Charges

There are no additional charges for the use of this service.

Service Provider

Information Services is the service provider.

Aliases

shib, shibb, shibboleth, cas, sign-on, single sign-on, sso, idp, saml, authn, authentication, login

Related Services

Active Directory ServicesEnterprise LDAP Directory Service