Skip to end of metadata
Go to start of metadata

As of DSpace 3.x, this page is outdated. Look at the official docunentation instead: Authentication Plugins#ShibbolethAuthentication


Ensure that you are running Apache Tomcat (the web application server) behind Apache HTTPD (the web server).  This is required as the Shibboleth authentication is performed in Apache HTTPD, while DSpace runs within Apache Tomcat.  There are two ways how to do that - using mod_proxy_ajp or mod_jk - both are described on

Follow the standard instructions for installing a Shibboleth Service Provider (SP) in Apache HTTPD. Instructions are available from

Configure the service provider to protect the following URL:

  1. If running DSpace in the ROOT context:
  2. If running DSpace in a different context: (adjust xmlui as appropriate)

If you're running DSpace in the ROOT context and you're using ProxyPass directives as described in Running DSpace on Standard Ports, you will most likely have to add

to prevent DSpace from taking over these URLs.


Edit config/modules/authentication.cfg to set the authentication method (in older DSpace versions, this is in dspace.cfg):

In config/modules/authentication-shibboleth.cfg, edit the rest of the Shibboleth settings.  You will need to ask your Shibboleth administrator for some of these:

Restart tomcat, and test by logging in.


  1. I think this page is out of date at DSpace 3.x. Note to self (or anyone else that may be interested) - fix it.

  2. Robin is quite correct, in lieu of a complete rewrite, I will instead direct you to the new documentation for Authentication Plugins.

  3. I added a warning on top of the page.