Shibboleth

Shibboleth is not only a kind of linguistic password that identifies one as a member of an 'in' group, it's also the name of a middleware project of Internet2.

The Shibboleth project is developing architectures, policy structures, practical technologies and an open source implementation (also called Shibboleth) to support inter-institutional sharing of (web) resources subject to access controls.

Some key concepts of Shibboleth are:
  • Federated Administration
  • Access Control Based on Attributes
  • Active Management of Privacy
  • Standards Based
  • Framework for Multiple, Scaleable Trust and Policy Sets (Federations)
  • Standard Attribute Value Vocabulary
Using Moodle with Shibboleth authentication has the following advantages (depending on the Shibboleth federation you are part of):
  • Access to Moodle can be restricted very accurate (e.g. you allow only students from universities A, B and D to access your Moodle, but not students from universities C and E. Or you allow only medicine students.)
  • User accounts are created automatically as soon as a user logs in the first time.
  • The user profiles are set up automatically (e.g. the users firstname, surname and email address is inserted the first time a user logs in)
  • The user profiles can automatically kept up-to date all the time
  • So you don't have to care anymore for user management issues because this is basically handled by the Identity Provider of the Shibboleth user (e.g. the home university).
  • Once Shibboleth users are authenticated, they can access other Shibboleth-enabled resources without loggin in another time. Due to this single sign-on mechanism, they e.g. can jump from one Moodle installation to another or the can access a Shibboleth-protected library or a web shop, always being authenticated.
Plans for the future concerning Moodle:
  • Automatic course enrollment according to Shibboleth attributes.

» Glossary of common terms