Skip to main content

About Shibboleth - Knowledgebase / Accounts and Passwords / Shibboleth Single Sign On - OIT Service Center

About Shibboleth

Authors list

The Shibboleth System is an open source software package for web single sign-on that is used at Brown. Anytime you see a screen like this, you are logging in to a single sign on service powered by Shibboleth:

 If you're interested, here are some of the technical details:

Shibboleth allows Brown services to validate a Brown user's identity, and to gain access to certain attributes about a person, such as display name, email address, or the groups that list the user as a member. Additionally, Shibboleth allows Brown service providers to allow external users into Brown services, based on a trust relationship between Brown and the external  user's institutions through mutual membership in a federation.  Likewise, Brown users may gain access to service providers at external institutions. Shibboleth provides the framework for these trust relationships, and grants a high degree of control over which service providers have access to which portions of a user's identity. Additional information about the Shibboleth project is available at http://shibboleth.net.

Historical background of Shibboleth

The Shibboleth project is a specific software solution to the problem of accurately identifying members of the Brown community and its external associates. Wikipedia describes the term as originating from the Hebrew word "shibboleth," which literally means the part of a plant containing grains, such as an ear of corn or a stalk of grain. It derives from an account in the Hebrew Bible, in which pronunciation of this word was used to distinguish members of a group (the Ephraimites), whose dialect lacked a /?/ sound (as in shoe), from members of a group (the Gileadites) whose dialect did include such a sound.

In the Book of Judges, chapter 12, after the inhabitants of Gilead inflicted a military defeat upon the tribe of Ephraim (around 1370--1070 BC), the surviving Ephraimites tried to cross the Jordan River back into their home territory and the Gileadites secured the river's fords to stop them. In order to identify and kill these disguised refugees, the Gileadites put each refugee to a simple test:

Gilead then cut Ephraim off from the fords of the Jordan, and whenever Ephraimite fugitives said, 'Let me cross,' the men of Gilead would ask, 'Are you an Ephraimite?' If he said, 'No,' they then said, 'Very well, say Shibboleth.' If anyone said, 'Sibboleth', because he could not pronounce it, then they would seize him and kill him by the fords of the Jordan. Forty-two thousand Ephraimites fell on this occasion.

- Judges 12:5-6, NJB

Fortunately, the modern use of the term Shibboleth is not nearly so draconian, but the point remains, that the Shibboleth software is used by service providers to authenticate members of the brown community, and to authorize users according to attributes released to service providers.


Helpful Unhelpful

172 of 337 people found this page helpful

Send us a note about this article

Contact the OIT Service Center

Phone: 401-863-4357

Email: help@brown.edu

Location: Page Robinson Hall - 69 Brown St., Room 510

See our availability

https://it.brown.edu/get-help

Walk-ins Welcome! Appointments recommended.

For reserved service for a technical consult or a loaner check-out, you can schedule an appointment here.