ServiceShibboleth Identity Provider
Authentication and authorization with Single Sign-On
The URZ operates a Shibboleth Identity Provider (IdP) which provides a secure Single Sign-On (SSO) service. By logging in to the Shibboleth provider with your Uni ID, you can use other services connected to Shibboleth without additional authentication.
The IdP is required to use the state services at Heidelberg University, e.g. bwForCluster (bwIDM). Heidelberg-specific services are also connected using Shibboleth, e.g. heiBOX.
- University employees
- University members
- Single Sign-On (SSO) enables the use of multiple websites and services with a single log-in.
- Use of many (scientific) services via the central ID of your home university. The IdP can transmit the required information to these services.
Access and requirements
When logging in to a Shibboleth-protected service, the user will be redirected to the IdP page of their home institution. On this page, the validity of your user ID and password will be verified. The service then only receives the data required for authorization, usually just a service-specific pseudonym (targeted ID), which the service can use to identify the user with their profile - your password is never shared.
For IT services / IT staff members
If you would like to use the URZ's Shibboleth Identity Provider for your IT service, you can make a request using the linked form.
In addition to pseudonyms, this service can use the following data transmitted to it for authorization purposes:
- Affiliation to the university (affiliation: student, faculty, staff, member, affiliate, ...)
- Concretely specified strings for further entitlements.
If necessary, further person-related attributes can be requested, but these will only be added after the user has given their consent.
The University Library has long been using Shibboleth to provide online services for some publishers. For these services, it is also possible to log in with a HEIDI ID (only digits, 8-digit, e.g. 00123456).
Frequently Asked Questions
What information (or attributes) are delivered to a service provider by Shibboleth-IdP?
A transmission of the listed attributes and their data only takes place if the service provider requests them and the user has consented to the transmission.
1. Statistical attributes
2. Personal attributes
Which university affiliations are used by Shibboleth?
Shibboleth uses the following university affiliations:
Affiliation / Scoped Affiliation
The values listed above can also be assigned a “scope” (e.g. "member[at]uni-heidelberg.de"). They can also be used without a scope (e.g. "member").
What are the possible values for the entitlements?
The entitlements can be routed using two different notations:
1. URN-type entitlements
2. URL-type entitlements