This is the Identity Provider website for the Wellcome Sanger Institute's Shibboleth system.

Usually a human will not need to visit this page but it you find yourself here and wish some more information about this website then please read on.

Websites which have restrictions on their access require two steps:

• authentication - determining the identity of the person (User)
• authorisation - determining whether that person (User) is permitted to access the website.

Shibboleth is one such mechanism to achieve the first step - authentication.

How Shibboleth works

When a website needs to authenticate or authorise a User, it redirects the User's browser to their institute's Identity Provider. The redirection includes information about the request including the destination URL that will be reached after authentication.

The User logs in by entering their password at the Identity Provider page. If successful, the Identity Provider redirects the browser to the destination URL, including extra information such as the username and the User's status (staff, student, etc). The destination website can then make authorisation decisions based on that information. It may cache the login, using a cookie or other session state.

All interactions with the browser use HTTPS which makes it more difficult to intercept or tamper with them, protects the password, and provides assurance that the Identity Provider page is genuine and not an imposter. The authentication response from the Identity Provider is signed with a private key to make it difficult to forge or modify.