Service Description

More and more content is provided by the RWTH Aachen University via the web or web applications. The content often is dynamic and only addressed to defined user groups - forums for certain degree courses, online publications or documentation systems. This is why it is necessary for the access control to guarantee an authentication and authorisation of the users.

Shibboleth is a Single-Sign-On authentication service. The IT Center operates a central Shibboleth service and a local federation for the user authentication for local web applications. RWTH Aachen University is a member of the federation of the German Research Network (Deutsches Forschungsnetz (DFN AAI)). This makes it possible to use numerous services of other universities that are a member of DFN via the central login server.

As a user you can access a Shibboleth protected application via your RWTH Single Sign-On account.

With the Shibboleth procedure the provider of a web application can use the central login server at the IT Center to authenticate the users.

The central login server has access to selected data from the Identity Management of RWTH Aachen University. Because of this your application can e.g. be informed that the logged in person is a student. On the basis of these personal attributes your application can decide which access rights will be granted (authorization) without having to provide another local user account. The persistent and distinct username provided by the login server enables you to assign a local user profile and store further personal data there.

Software Configuration

Shibboleth is an open source Single-Sign-On-System based on universal standards (Security Assertion Markup Language (SAML).


As a user, you do not have to install any special software. But please take notice of some notes on the settings of your webbrowser in the FAQ.

Provider of a Web Application

To be able to protect your web application with Shibboleth, you have to operate a so called service provider - the counterpart to the central Shibboleth login server, the identity provider. If your interested please continue reading "Anbindung eines neuen Shibboleth Service Providers (IdPv2)".

Mailing List for Operators of a Shibboleth Service Provider

The IT Center operates the mailing list "aai-federation" for the RWTH AAI-Federation. It provides information on the topics operation and security.

Further Information


Mailing Lists, Archives

Metadata Set of the Identity Provider of RWTH Aachen University