Shibboleth is an identity provider that uses the CalNet Central Authentication Service (CAS) screen to provide access to services hosted outside the University. While CAS is used directly by onsite services such as CalCentral, Shibboleth was designed for off-site services such as Google, Box, BearBuy, ServiceNow, Zoom, and thousands of other services like wikis and forums.
Shibboleth’s recently released Consent Module adds a layer of user consent to the release of attributes from CalNet to the service you are trying to access.
Before Shibboleth’s Consent Module, giving a new off-site service access to Berkeley’s person information was a painstaking process, especially for services that are widely used. Each service had to get individual approval from either the the Registrar or Human Resources, depending on what sort of campus user (student or employee) would be utilizing it. But, thanks to the Shibboleth Consent Module, users can give permission to share their own information, making it easier for the service to generate a profile for the user.
Still confused? Think of Shibboleth as the “Login with Facebook” button you see on websites and in smartphone apps. Facebook did not develop these sites, nor do they have direct control over them, but you can use the information in your Facebook profile to set up an account. Like Facebook, Shibboleth will now ask if you consent to sharing your information, and lists the information that the service asks for.
Now, you’re probably asking yourself, “This may be faster, but is it safe?” The answer to that question is, yes -- at least in the case of Shibboleth, which has very strict security requirements. Shibbolized sites must be vetted for research and educational purposes by the InCommon Federation (www.incommon.org). For example, Qualtrics, a research and data collecting tool, allows anyone with valid CalNet account to use it. Shibboleth tells Qualtrics who you are (e.g. Student, [first name] [last name], account type: active status), and Qualtrics generates a prepaid account for you almost instantaneously.
So, at the end of the day, you can rest assured that we at CalNet are doing everything in our power to make accessing your services, faster, easier, and safer. In fact, we’re doing it so well, you didn’t even notice.