Shibboleth

Service Providers (SPs) that use metadata to provide single sign-on access to a service may need to download and install a new signing certificate for U-M Federation Metadata and update the SP configuration with the new certificate and new URLs for the metadata.
This document is for U-M information technology staff members. It explains how to configure a Shibboleth Service Provider (SP) to use two-factor authentication, specifically for part of a service. This document builds on the information detailed in Configuring Your Shibboleth Service Provider for Two-Factor Authentication.
This document is for U-M information technology staff members. It details how to configure Shibboleth-enabled services to use two-factor authentication.
This document is for U-M information technology staff members. It provides basic installation instructions for the most recent Shibboleth Service Provider (SP) software (using the SAML protocol) on a Linux server with Apache version 2.2+ and explains how to configure it for the U-M Identity Provider (IdP).
This document is for U-M information technology staff members. It provides basic instructions on installing the most recent Shibboleth Service Provider (SP) software (using the SAML protocol) on Windows Server and Internet Information Service (IIS) 7.x and above and configuring it for the U-M Identity Provider (IdP). Basic familiarity with Windows Server and IIS systems administration is assumed. Configuring the software requires the ability to read and edit XML files with a text editor.
Shibboleth is used to allow members of the U-M community to log in to websites at other institutions that are members of the InCommon Federation using their uniqname and UMICH (Level-1) password. It is also used to enable web login to U-M Google, U-M Box, and other cloud-based services used at the university.
U-M departmental IT staff can follow the six overall steps in this document to make a web resource available as a Service Provider (SP) using the SAML protocol and Shibboleth authentication.
U-M departmental IT staff can follow the two overall steps in this document to make a web resource available as a Service Provider (SP) using the OIDC protocol and Shibboleth authentication.
This document provides the resources necessary for setting up a Shibboleth Service Provider (SP). Request Form and Windows Configuration If your department or unit has a web resource that you wish to offer to people at another institution, ask your departmental or unit IT staff to fill out the Shibboleth Configuration Request form.
This document is for U-M information technology staff members. It (1) Provides brief background information about federated identity management, InCommon, Shibboleth and attributes; (2) Describes the procedure for requesting that U-M release attributes to a Shibboleth Service Provider (SP) to permit access to U-M users; (3) Provides detailed information about the attributes available to SPs; and (4) Details the general procedure for reviewing and approving attribute release.