Shibboleth is federated identity management software. With federated identity management, institutions join together in a group—a federation—and agree to trust each other's identity credentials for logging in to websites.
Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account.
At U-M, Shibboleth is used to allow members of the U-M community to access services from other institutions that are members of the InCommon Federation. It is also used to provide web access to M+Google and M+Box.
Here's how it works:
The user goes to the website and clicks the link to log in.
When accessing services provided by other institutions, the user will asked to select their home institution (U-M) from a list. When accessing cloud services contracted for by the university, the user may be connected immediately to the U-M Weblogin page.
The U-M Weblogin page is displayed, and the user logs in using his/her uniqname and UMICH password.
For services provided by other institutions, the user is shown the identity information that will be released to allow login and can confirm or deny the release.
If release is confirmed, the user is logged in.