Discussion:
Shibboleth in Universities
John O'Connor
2014-08-18 18:34:18 UTC
Permalink
Hello Everyone,

I was wondering if anyone knew what universities or university systems in the US were using Shibboleth for their SSO solution. The UNC system is interested in peer institutions using Shibboleth. If your university is using it, please respond letting me know what university and how wide-spread use is on campus.

Thank you very much for your help.

Best,
John O’Connor
Cantor, Scott
2014-08-18 18:42:45 UTC
Permalink
Post by John O'Connor
Hello Everyone,
I was wondering if anyone knew what universities or university systems in
the US were using Shibboleth for their SSO solution. The UNC system is
interested in peer institutions using Shibboleth. If your university is
using it, please respond letting me know what university and how
wide-spread use is on campus.
Well, there's this list [1].

Please don't inundate the list with replies.

If you'd like me to include you on a public list, which is what posting a
reply here would amount to anyway, just submit here [2] and I'll add you
for posterity.

Of course, feel free to reply privately if you like.

-- Scott

[1] http://www.incommonfederation.org/participants/
[2] http://shibboleth.net/community/usedby.html
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
David Bantz
2014-08-18 18:48:40 UTC
Permalink
Here’s a starting point:
http://www.incommon.org/participants/

U Alaska uses Shibboleth for a number of applications on site, hosted, and federated.
Our IdP provides services for all students, faculty and staff at three Universities and 13 or so campuses.
I don’t know (but would be interested to learn) whether we are typical or atypical in operating
and supporting a half-dozen so-called SSO solutions that are not integrated (if you can make that parse):
Shibboleth, CAS, at least two different in-house predecessors, Windows Domain, GAE.

David Bantz
U Alaska
Post by John O'Connor
Hello Everyone,
I was wondering if anyone knew what universities or university systems in the US were using Shibboleth for their SSO solution. The UNC system is interested in peer institutions using Shibboleth. If your university is using it, please respond letting me know what university and how wide-spread use is on campus.
Thank you very much for your help.
Best,
John O’Connor
--
Steven Carmody
2014-08-18 18:53:49 UTC
Permalink
Post by David Bantz
http://www.incommon.org/participants/
There's also

https://incommon.org/federation/info/all-orgs.html
--
To unsubscribe from this list send an email to users-***@shibboleth.net
Tom Scavo
2014-08-18 20:17:01 UTC
Permalink
On Mon, Aug 18, 2014 at 2:53 PM, Steven Carmody
Post by Steven Carmody
https://incommon.org/federation/info/all-orgs.html
Yes, and most of those 368 IdPs are Shibboleth IdPs. Scanning the
metadata file for "shib" in either the entityID or an endpoint
location produces a list of 343 IdPs, and that's probably an
underestimate.

Tom
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
David Gersic
2014-08-18 20:16:12 UTC
Permalink
We have a few "SSO solutions" here, that are mutually incompatible with
each other, so you're not alone in that regard.
Post by David Bantz
http://www.incommon.org/participants/
U Alaska uses Shibboleth for a number of applications on site,
hosted, and
Post by David Bantz
federated.
Our IdP provides services for all students, faculty and staff at
three
Post by David Bantz
Universities and 13 or so campuses.
I don’t know (but would be interested to learn) whether we are
typical or
Post by David Bantz
atypical in operating
and supporting a half-dozen so-called SSO solutions that are not
integrated
Post by David Bantz
Shibboleth, CAS, at least two different in-house predecessors,
Windows
Post by David Bantz
Domain, GAE.
David Bantz
U Alaska
On Mon, 18 Aug 2014, at 10:34 , John O'Connor
Post by John O'Connor
Hello Everyone,
I was wondering if anyone knew what universities or university
systems in
Post by David Bantz
the US were using Shibboleth for their SSO solution. The UNC system
is
Post by David Bantz
interested in peer institutions using Shibboleth. If your university
is using
Post by David Bantz
it, please respond letting me know what university and how
wide-spread use is
Post by David Bantz
on campus.
Post by John O'Connor
Thank you very much for your help.
Best,
John O’Connor
--
To unsubscribe from this list send an email to
--
To unsubscribe from this list send an email to users-unsubscribe
Michael A Grady
2014-08-18 19:58:52 UTC
Permalink
Post by John O'Connor
Hello Everyone,
I was wondering if anyone knew what universities or university systems in the US were using Shibboleth for their SSO solution. The UNC system is interested in peer institutions using Shibboleth. If your university is using it, please respond letting me know what university and how wide-spread use is on campus.
Thank you very much for your help.
David Bantz and Steven Carmody replied with some links and information. The key thing to recognize is that it can be difficult from any of those to tell if campuses are using Shibboleth/SAML as "THE campus SSO", or as "the SSO for cloud/external services, and something else is being used for SSO for intra-campus services". A number of different patterns emerge:

- campuses where Shib/SAML is THE SSO - Carnegie Mellon, University of Chicago, Ohio State, ....
(The first two one can sort of see from the page Steven Carmody linked to, by seeing the number of SPs registered for the campus. Ohio State has a "local federation" for their SPs, so you can't tell from the InCommon stats that it is the key SSO for Ohio State.)

- systems where InCommon and Shib/SAML are leveraged for both external/cloud services and services where multiple campuses in the system share those services. University of Texas System, University of California System, University of Wisconsin System are at least three examples that seem to fit this pattern.

- campuses where Shib/SAML serves both a cloud/external and internal/intra- campus SSO role, and which is used may come down to convenience/ease of integration, past history, or just whether the service needs to accommodate any "external people". The University of Illinois System, Alaska, and other institutions seem to fit this pattern.

- campuses where Shib/SAML use is pretty much limited to cloud/external services, and there is a different campus SSO which pretty much covers all internal services. Frequently, in this case, the Shib IdP is "layered" over that "campus SSO", and that SSO is CAS, or Pubcookie, or something else. The University of Utah and University of Washington are jut two examples that come to mind. (This pattern may not be worth distinguishing from the preceding one, it just seems the commitment of some institutions to another underlying SSO is "stronger" in some cases than others. Perhaps it is just the commitment of having the Shib IdP itself use that "other campus SSO" which is the distinguishing factor.)

There is a lot of overlap in the above patterns, this was just one attempt to delineate what feel like some key variations in usage/role of Shib/SAML on campuses.


--
Michael A. Grady
Senior IAM Consultant, Unicon, Inc.
Tmonte
2014-08-19 11:56:46 UTC
Permalink
I am enrolled in Masters program at NC State and they use Shibboleth. Also
many other universities from what I've seen
Post by John O'Connor
Hello Everyone,
I was wondering if anyone knew what universities or university systems in
the US were using Shibboleth for their SSO solution. The UNC system is
interested in peer institutions using Shibboleth. If your university is
using it, please respond letting me know what university and how
wide-spread use is on campus.
Thank you very much for your help.
David Bantz and Steven Carmody replied with some links and information.
The key thing to recognize is that it can be difficult from any of those to
tell if campuses are using Shibboleth/SAML as "THE campus SSO", or as "the
SSO for cloud/external services, and something else is being used for SSO
- campuses where Shib/SAML is THE SSO - Carnegie Mellon, University of
Chicago, Ohio State, ....
(The first two one can sort of see from the page Steven Carmody linked
to, by seeing the number of SPs registered for the campus. Ohio State has a
"local federation" for their SPs, so you can't tell from the InCommon stats
that it is the key SSO for Ohio State.)
- systems where InCommon and Shib/SAML are leveraged for both
external/cloud services and services where multiple campuses in the system
share those services. University of Texas System, University of California
System, University of Wisconsin System are at least three examples that
seem to fit this pattern.
- campuses where Shib/SAML serves both a cloud/external and
internal/intra- campus SSO role, and which is used may come down to
convenience/ease of integration, past history, or just whether the service
needs to accommodate any "external people". The University of Illinois
System, Alaska, and other institutions seem to fit this pattern.
- campuses where Shib/SAML use is pretty much limited to cloud/external
services, and there is a different campus SSO which pretty much covers all
internal services. Frequently, in this case, the Shib IdP is "layered" over
that "campus SSO", and that SSO is CAS, or Pubcookie, or something else.
The University of Utah and University of Washington are jut two examples
that come to mind. (This pattern may not be worth distinguishing from the
preceding one, it just seems the commitment of some institutions to another
underlying SSO is "stronger" in some cases than others. Perhaps it is just
the commitment of having the Shib IdP itself use that "other campus SSO"
which is the distinguishing factor.)
There is a lot of overlap in the above patterns, this was just one attempt
to delineate what feel like some key variations in usage/role of Shib/SAML
on campuses.
--
Michael A. Grady
Senior IAM Consultant, Unicon, Inc.
--
To unsubscribe from this list send an email to
David Langenberg
2014-08-18 20:28:39 UTC
Permalink
As Mike Grady and Tom (indirectly) pointed out, we (University of Chicago)
use Shibboleth as our SSO solution. It's fairly widely used across campus
with use continuing to grow, and is heavily promoted as *the* solution if
you're trying to do anything web-based. If you're an off-site-hosted app
then it's your only option for AuthN.

Dave
Post by John O'Connor
Hello Everyone,
I was wondering if anyone knew what universities or university systems in
the US were using Shibboleth for their SSO solution. The UNC system is
interested in peer institutions using Shibboleth. If your university is
using it, please respond letting me know what university and how
wide-spread use is on campus.
Thank you very much for your help.
Best,
John O’Connor
--
To unsubscribe from this list send an email to
--
David Langenberg
Identity & Access Management
The University of Chicago
Loading...