Shibboleth for single sign-on
Shibboleth is an authentication (identification) and authorisation (authorisations) procedure for web applications and services operated by the University of Graz to provide access to various services.
Advantages
One major advantage of this procedure is that users of the University of Graz and possibly other external persons only have to sign in once via Shibboleth in order to be able to access services or licensed content of various offerors wherever they may be (single sign-on). Shibboleth is primarily used in the fields of science and teaching.
Revocation of permission to pass on data to this service
If in the past you permitted data to be forwarded to all services, you can revoke that permission the next time you sign in via Shibboleth.
Shibboleth services around the University of Graz
Currently (as per July 2017), the following systems for students are linked to Shibboleth at the University of Graz:
Data transfer
In the course of authentication and/or authorisation when the user signs in to Shibboleth, user-related data is transferred via safe channels to the target system to enable the user to work within the target system. In terms of data transparency in accordance with the EU’s General Data Protection Regulation, Shibboleth directly discloses which data is transferred. The names of the boxes and their meaning are shown here:
array | meaning |
---|---|
commonName | username |
displayName | display name from authorisation groups |
eduPersonAffiliation, eduPersonScopedAffiliation | affiliation to authorisation groups |
eduPersonpersistentId | session identifier for Main Library systems |
eduPersonTargetedID | random number for session identifier for legal database |
e-mail account | |
employeeNumber | SAP number |
employeeType | UGO key |
givenName | given name |
organizationalUnit | unit for students |
surname | surname |
uid | username |
In addition, users may determine to which services their decision shall apply and may revoke them anytime.