Introduction: Terms & Jargons
JHU uses Shibboleth which is an open source software product that implements SAML (Security Assertion Markup Language) for user authorization and authentication.
-
Single Sign On (SSO): Any system where a single authentication provides access to multiple applications. For instance, you access Blackboard, SIS (Student Information System), JHU Email and several other JHU online services using the same credentials, though the same sing-in page.
-
Security Assertion Markup Language (SAML): A framework, and XML schema, for implementing Single Sign On.
-
Principal: The user who is attempting to gain access to our application.
-
Assertions: Data about the principal which are included as part of the SAML response.
-
Service Provider (SP): This is the application, or system, that the user is attempting to access; the app we are building is the service provider.
-
Protected Resource: A resource (typically a webpage) on SP that is identified by its URL. When a user accesses a protected resource, the SP will intercept the request and redirect the user to authenticate first to verify it has access to the protected resource.
-
Identity Provider (IdP): This is a remote application, or system, that authenticates the user and returns data back to the service provider. In our case, JHU is the identity provider. (Well, to be accurate, JHU has an internal IdP which we will use to authenticate our users.)
-
Globally Unique Identifier: A value that the IdP will use to identify an SP.