Shibboleth is software that allows you to securely sign on to protected web resources at the University or at other institutions that agree to operate under a common set of guidelines in a "federation."
Shibboleth exchanges only the data necessary to allow you access to the protected resource and perform necessary functions using that resource.
To allow you to log in to protected web resources, certain pieces of information must be shared. The information shared is generally directory information, and it usually is not retained at the other institution. Possible elements include:
- eduPersonPrincipalName (your HawkID scoped to the institution, for example, email@example.com)
- uiowaDisplayName (your University display name, usually Lastname, Firstname Initial)
- mail (e-mail alias) (your University mail alias, typically firstname.lastname@example.org)
- eduPersonAffiliation (a value or values that denote your role(s) at the institution:e.g., student, faculty, staff, affiliate, member)
- eduPersonScopedAffiliation (affiliation scoped to the institution you are from: e.g., email@example.com)
- eduPersonTargetedID (an anonymous identifier unique to you, the institution you are from and the resource you are trying to access)
Once these elements have left the University of Iowa, we cannot guarantee their security. By logging in to a resource using Shibboleth, you agree that you understand and grant The University of Iowa permission to share identity data with the protected web resource.