Shibboleth Identity Provider

The Shibboleth Identity Provider (IdP) offers a protected single-sign-on (SSO) service. As long as a user is logged in at the IdP via a browser, other services that also use Shibboleth can be accessed without further authentication.

When logging into a service protected by Shibboleth, the user is redirected to the IdP page of the respective institution. Here, the user’s Uni-ID and password are verified. Afterwards, the requesting service receives the data necessary for the authorisation, usually a service-specific pseudonym (targeted ID) by which the service can allocate the same profile to the user, but never the password.

Aside from the pseudonym the service can use the following data transmitted for authorisation:

  • affiliation status with the University (student, faculty, staff, member, affiliate,...)
  • specific strings agreed on for further authentication (entitlements)

If necessary, further personal attributes can be requested, which are only transmitted after the user’s approval.

At Heidelberg University, the IdP is needed to use services that are available state-wide, such as the bwForCluster. Some services only available at Heidelberg University are also connected via Shibboleth, for example heiBOX.

The University Library also makes use of Shibboleth. It is used to grant access to the online services of several publishing houses.


No news at the moment.


No current announcements.


No how-tos available yet.