Service Providers (SPs) that use metadata to provide single sign-on access to a service may need to download and install a new signing certificate for U-M Federation Metadata and update the SP configuration with the new certificate and new URLs for the metadata.
U-M departmental IT staff can follow the steps below to make a web resource available as a Service Provider (SP) using Shibboleth authentication. Register your Service Provider:
There are six steps to setting up a Shibboleth Service Provider (SP) at U-M.
Note: OpenID Connect (OIDC) can be used with the U-M Shibboleth IdP and Microsoft IIS if you have an application that supports it. Microsoft provides tools for developers who wish to integrate OIDC in their applications. Follow these steps to setting up an OIDC Service Provider at U-M:
This document is for U-M information technology staff members. It explains how to configure a Shibboleth Service Provider (SP) to use two-factor authentication, specifically for part of a service. This document builds on the information detailed in Configuring Your Shibboleth Service Provider for Two-Factor Authentication.
This document is for U-M information technology staff members. It details how to configure Shibboleth-enabled services to use two-factor authentication.
This document is for U-M information technology staff members. It provides basic installation instructions for Shibboleth 2.X Service Provider (SP) software (using the SAML protocol) on a Linux server with Apache version 2.2+ and explains how to configure it for the U-M Identity Provider (IdP).
This document is for U-M information technology staff members. It provides basic instructions on installing Shibboleth 2.X Service Provider (SP) software (using the SAML protocol) on Windows Server and Internet Information Service (IIS) 7.x and configuring it for the U-M Identity Provider (IdP). Basic familiarity with Windows Server and IIS systems administration is assumed. Configuring the software requires the ability to read and edit XML files with a text editor.
Shibboleth is used to allow members of the U-M community to log in to websites at other institutions that are members of the InCommon Federation using their uniqname and UMICH (Level-1) password. It is also used to enable web login to U-M Google, U-M Box, and other cloud-based services used at the university.
This document provides the resources necessary for setting up a Shibboleth Service Provider (SP). Request Form and Windows Configuration If your department or unit has a web resource that you wish to offer to people at another institution, ask your departmental or unit IT staff to fill out the Shibboleth Configuration Request form.