You can integrate illumira with your Enterprise Directory (Active Directory or LDAP) so that users can use their Institutional usernames (or UserIDs) and passwords to access illumira resources.
The Shibboleth Identity Provider software (software is free and open-source) must be installed at the Institution and configured to use your Active Directory or LDAP for user authentication. 

When a user logs into illumira and tries to access resources, the user is redirected back to the Institution's shibboleth user, where the user will have to enter their username and password. If the user enters the right credentials, then the user is logged in illumira and will be able to access resources that are made available to that user or the user's Institution. 

About Shibboleth

  • A free and open-source software provided by Internet2.
  • This system is a Middleware project that is used for federated identity-based authentication.
  • The Shibboleth System is a standard based, open source software package for web single sign-on across or within organizational boundaries.
  • It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.  
  • Shibboleth can be installed on a virtual machine as well and is not resource intensive. 
  • Learn more about Shibboleth! Visit 


Steps to integrate illumira with your Enterprise directory (LDAP/AD)

  1. Install Shibboleth Identity Provider (see installation guides for Linux and Windows)
  2. Configure the Shibboleth Identity Provider to be added to our Federation. (see Section A below, "Add Information on adding NJTrust to your Identity Provider") 
  3. Configure the Shibboleth Identity Provider to release the required shibboleth attributes to our Service Provider (see section B "Required Shibboleth Attributes" and Section C: "Releasing attributes to illumira")
  4. Once installed and configured, verify that your Shibboleth Identity Provider can communicate with our service provider by visiting and then login using your userid/username. Send an email to with the contents of the page if you want us to confirm that you are sending the right attributes.

Assistance for NJEDge members

If you need assistance with Shibboleth installation at your institution, please contact us at  Our support team will guide and assist you in the set-up process.

Help Sections

A. Add information on NJTrust to your Identity Provider

Here is the declaration needed for an Identity Provider to use our metadata with Shibboleth 2. This allows your Identity Provider to work with services described in our metadata:

<metadata:MetadataProvider id="URLNJEDGE" xsi:type="metadata:FileBackedHTTPMetadataProvider"



B. Required Shibboleth Attributes  

    We require the following two attributes to be released to our Shibboleth setup from your Identity Provider.
  1. eduPersonScopedAffiliation [example:] The role 'member' MUST be assigned for all users that are active users in the learning community [i.e. faculty, students, staff] . Some institutions assign as the role for all of their users. 
  2. eduPersonPrincipalName [usually the userID or netID, example:]. 

C. Releasing attributes to illumira

You will also need to configure your IdP to release attributes to our federation. In your attribute-filter.xml add a PolicyRequirementRule:

<afp:AttributeFilterPolicy id="releaseEPPNtoNJEDGE">

<afp:AttributeRule attributeID="eduPersonPrincipalName">

<afp:PermitValueRule xsi:type="basic:ANY" />


<afp:AttributeRule attributeID="eduPersonAffiliation">

<afp:PermitValueRule xsi:type="basic:ANY" />


<afp:AttributeRule attributeID="eduPersonScopedAffiliation">

<afp:PermitValueRule xsi:type="basic:ANY" />



Then make sure you restart your Java servlet.