FAQ on Shibboleth Identity Provider (IdP) and Single Sign-On (SSO)

The Shibboleth Identity Provider (IdP) offers authentication and authorization with Single Sign-On (SSO) of users for participating service providers. It is part of the bwIDM infrastructure.

What is Single Sign-On (SSO)?
Single Sign-On (SSO) is a login service that enables a single login for several websites. CAS or the Shibboleth Identity Provider are such login services that may be used by all users of the University of Mannheim.
For example, CAS enables access to the portal of the University of Mannheim. The Shibboleth Identity Provider (IdP) offers access to some local services, but mostly to services of other (higher education) institutions.

Why do I need the Shibboleth Identity Provider (IdP)?
A high number of users should be able to access academic services world-wide. Instead of creating an account for every user, these services rely on the SAML technology. With the SAML technology, the users may use the accounts of their home institutions and do not need an additional account. If a service requires more information, the IdP can send this information to the other service.

How to login via IdP
The process of logging in consists of several steps. The first step is on the website of a service where you select a login option, for example “Shibboleth” or “bwIDM”.

Then you select your higher education institution. If the service is not German, you need to select the federation “DFN-AAI” or “German Higher Education and Research”. Then you will be forwarded to the IdP of the University of Mannheim where you enter your Uni-ID and the corresponding password for authentication.
After authentication, you will see all data that are being sent to the service for your information. Then the data are transmitted to the service.
The service accepts the data and usually grants access. In our instructions for signing in, we will show you an example.
If you experience any issues, please look at the information on the services or contact the IT support.

Which services are available? Which services can I use with the IdP?
We have created an extra page with a list of the services available and relevant information. This list is not exhaustive but only a selection of the services available.

• All services from Baden-Württemberg can be found on the service provider website of bwIDM. All these services are also services of the DFN-AAI federation.
• On the DFN pages, you will find a list of all services of the DFN-AAI federation.

Not all DFN services can be used via the IdP of the University of Mannheim, since it is necessary to discuss the data verification process with every service. If you need access to a service that is not supported yet, please contact the IT Support. We will do our best to grant you access as soon as possible.

How to logout
Currently, a single logout, that means a single click to log out from all services to which you logged in is not possible.
For logging out, you can simply close your browser or delete cookies. However, the session also runs out after some time.

When do I need to re-enter my password? How long is my session valid?
When you login, a session that is limited in terms of time begins. The time is specified by the service. When the service session runs out, you need to re-visit the IdP.

I have forgotten the password of my Uni-ID. What now?
No problem, just follow our instructions.

I see the English version of the IdP pages. How to change the language
The language of the browser determines the IdP language.