University of Southern California

ITS Information Technology Services

Shibboleth


If you want to restrict your website to the USC community, Shibboleth is the recommended method. Shibboleth is a tool that allows members of a particular community to sign in once, and then access other resources without having to sign in again. In other words, Shibboleth allows for "single sign-on" (SSO). You can think of this as "logging into USC" (using your ITS username and password) and then having access to USC resources from there.

For advanced users, web developers, and system administrators, Shibboleth also allows you to restrict web content to a particular group of users. Shibboleth also supports internal, inter-department and inter-institution authorization without ever exposing identifying information (unless desired).

Note that ITS has replaced Pubcookie with Shibboleth and no new deployments of Pubcookie are planned.

On Shibboleth-enabled ITS Servers

If you are on a Shibboleth-enabled ITS server like www.usc.edu, you can protect any directory with a .htaccess file. Simply add:

AuthType shibboleth
ShibRequireSession On
require valid-user
require affiliation ~ ^.+@usc.edu$

You are now using Shibboleth to protect your webpages and only the USC community has access.

If you want to limit access to a specific group of users, you can replace the 'valid-user' term with a list of usc usernames, e.g.,

require user ttrojan jdoe jsmith
and can omit the line 'require affiliation ~ ^.+@usc.edu$'.

On ITS-Controlled servers without Shibboleth

If you suspect shibboleth isn't installed on your server (i.e. the above doesn't work), please request a shibboleth installation by emailing action@usc.edu.

On non-ITS-Controlled servers

One of Shibboleth's biggest advantages is that it allows non-ITS servers to securely authenticate users via ITS. Departments or organizations wishing to use shibboleth to protect resources on non-ITS machines should email authx@usc.edu.

Additional Information

You can find extended information about shibboleth by reading the Shibboleth Service Provider Deployment Guide or other parts of the Shibboleth Website.

Last updated:
December 14, 2010

Web Publishing Documentation

The use of all USC computing resources is governed by the USC Computing Policies.