Shibboleth Login

HathiTrust has implemented Shibboleth [1], a mechanism for inter-institution authentication, in order to allow specialized services for persons affiliated with partner institutions. Configuration with Shibboleth is required to authenticate into HathiTrust. Current services offered to authenticated members of partner institutions include:

• full-PDF download of public domain works
• facilitated access to the Collection Builder application, which makes it possible for users to aggregate works into permanent collections either for private use or to share publicly with others
• special access for users who have a print disability (only in the U.S.; see http://www.hathitrust.org/accessibility [2])
• access to works held in print by partner institutions that are missing or brittle and also out of print (only in the U.S.; see http://www.hathitrust.org/out-of-print-brittle [3]).

To receive these services, HathiTrust partner institutions must meet the following requirements:

• belong to a Shibboleth federation for which HathiTrust is a registered service provider; currently, InCommon (for partners in the US) or RedIris (for partners in Spain); for partners in other countries, please contact us and we will work with you to register with the appropriate federation
• enable communication with the HathiTrust service provider through the release of certain attributes (see below for details)
• have updated contact information in their federation metadata; e.g., for InCommon, support and technical contacts must be updated according to federation guidelines [4].

We will work directly with partners to ensure that access through Shibboleth is tested and working properly.

The entityID for the HathiTrust Service Provider is http://www.hathitrust.org/shibboleth-sp. Further details about HathiTrust Shibboleth services follow below. Please contact feedback@issues.hathitrust.org [5] with any questions, or to test your Shibboleth configuration.

Terms and Conditions

The Collection Builder, full-PDF download, and enhanced access services provided through Shibboleth are made available to faculty, staff, students, and alumni at participating HathiTrust institutions.

Shibboleth Attributes that must be released to HathiTrust to provide services

• eduPersonScopedAffiliation (required) – to verify a user’s source institution
  • 'member' and 'alum' are the only accepted values
• eduPersonTargetedID (required) – to offer collection-building services
  • If an institution does not yet have eduPersonTargetedID, we will accept eduPersonPrincipalName with the understanding that if a user's eduPersonPrincipalName were to change, their saved personalized HT environment would no longer be available to them.
• displayName (desired) – to offer a personalized greeting on web pages
  • If an institution doesn't wish to release displayName, we will greet the users from that institution with a generic welcome.
  eduPersonEntitlement (optional) – to offer enhanced access to content. We will be using the entitlement to allow enhanced text views of all works (public domain and in-copyright) to users at member institutions who have a print disability. Note that this service has not yet expanded beyond its pilot implementation at the University of Michigan.
  • http://www.hathitrust.org/access/enhancedText - attribute value for users who have a print disability
  • http://www.hathitrust.org/access/enhancedTextProxy - attribute value for those accessing works on behalf of users who have a print disability
  • http://www.hathitrust.org/access/standard - attribute value for standard use. This attribute value is not required but is provided for Identity Providers that prefer to enter an entitlement value for all users.
• library-walk-in (optional) – to offer certain member services to guest users (for instance, full-PDF download of all public domain materials). The library-walk-in attribute will not enable personalized services, such as the ability to save volumes to permanent personal collections. Partners who wish to use HathiTrust library-walk-in functionality must confirm in writing that they are asserting the library-walk-in affiliation only for users physically present in a library building at the time of session initiation.

Privacy

The eduPersonScopedAffiliation, and eduPersonTargetedID attributes are required for service and do not convey personal identification information. The displayName attribute, which conveys personally identifiable information, is highly desired and will be used to provide a customized user experience on HathiTrust web pages. The contents of displayName and eduPersonEntitlement, if provided to HathiTrust, will be used solely for the delivery services and will not be distributed to third parties or saved in databases other than those that function to deliver HathiTrust services.