2.8. Shibboleth

OLAT comes with a Shibboleth 1.3 compliant authentication provider (see chapter on Authentication). This means OLAT integrates with your existing Shibboleth infrastructure for authentication, and you may use the attributes released by your Shibboleth Identity Provider to restrict access to courses.

2.8.1. Registration

When a user first successfully authenticates herself via Shibboleth, she must register with OLAT. The user is asked for a username which identifies the user within OLAT. A user profile is generated and the email address provided by the Identity Provider's Attribute Authority is automatically added to the profile. This implies that an Identity Provider's Attribute Authority must at least provide an email address attribute. Furthermore, a unique identifier is needed which is configurable per site in the olat_config.xml. After accepting the disclaimer, the user is forwarded to the home screen and registration is completed.

2.8.2. Attributes

Shibboleth may provide attributes of a user to OLAT. These attributes are propagated within OLAT upon each successful authentication. The attributes can be used within course building blocks to define access and visibility rules. Note that these attributes are not persisted, except for the unique identifier (used to associate an authenticated user with their OLAT user profile) and the email address.

For easier handling of attributes, you may define a set of attribute translations in olat_config.xml. For example, a standard attribute defined by Shibboleth is urn:mace:dir:attribute-def:givenName, which is both hard to remember and hard to enter into form fields. With the attribute translation map, you can translate this attribute's name to givenName and reference it in your access and visibility rules by its translated name.
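
The following sketch is an added example, not OLAT code: it models the behaviour described in 2.8.1 and 2.8.2 (required email and unique identifier, name translation, and which attributes are persisted). All function names are hypothetical, the attribute values are constructed, and the choice of eduPersonPrincipalName as the unique identifier is an assumption.

```python
# Added illustration, not OLAT code; every function name here is hypothetical.
EMAIL = "urn:mace:dir:attribute-def:mail"
# Assumption: the site configured this attribute as its unique identifier.
UNIQUE_ID = "urn:mace:dir:attribute-def:eduPersonPrincipalName"
GIVEN_NAME = "urn:mace:dir:attribute-def:givenName"
# Constructed translation map, following the givenName example in the text.
TRANSLATIONS = {GIVEN_NAME: "givenName", EMAIL: "mail", UNIQUE_ID: "uid"}

# Constructed attribute release from an Identity Provider.
SAMPLE = {
    UNIQUE_ID: "ada@example.org",
    EMAIL: "ada@example.org",
    GIVEN_NAME: "Ada",
    "urn:mace:dir:attribute-def:eduPersonAffiliation": "staff",
}


def translate(released, translations=TRANSLATIONS):
    """Rename released attributes; untranslated names are kept unchanged."""
    out = {}
    for name, value in released.items():
        short = translations.get(name, name)
        if short in out:
            # Two attributes collapsing to one name would make rules ambiguous.
            raise ValueError(f"translation collision on {short!r}")
        out[short] = value
    return out


def login(released, translations=TRANSLATIONS):
    """Return (persisted, session) attributes for one authentication."""
    missing = [a for a in (UNIQUE_ID, EMAIL) if not released.get(a, "").strip()]
    if missing:
        raise ValueError(f"Identity Provider did not release: {missing}")
    session = translate(released, translations)
    keep = {translations.get(a, a) for a in (UNIQUE_ID, EMAIL)}
    # Only the unique identifier and the email address reach the profile.
    persisted = {k: v for k, v in session.items() if k in keep}
    return persisted, session


def rule_allows(session, name, expected):
    """Rule check on session attributes; an absent attribute never matches."""
    return name in session and session[name] == expected


if __name__ == "__main__":
    persisted, session = login(SAMPLE)
    print(persisted, rule_allows(session, "givenName", "Ada"))
```

Because only the persisted pair survives between logins, a rule that depends on any other attribute is evaluated against whatever the Identity Provider released in the current session.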

2.8.3. Home Organisation Preselection

To reduce the number of clicks for users in a shibbolized login environment, we built in several convenience methods for easier login.

  • If the user already has a valid session, he is automatically redirected to OLAT again.

  • After the user has selected his home organisation for the first time, a cookie is stored which keeps the selected value for future visits and preselects the home organisation.

  • Course authors who want to link to OLAT and preselect a home organisation can use the following syntax.

    https://your.server.com/olat/dmz/aai?preselection=unizh.ch&redirect=true

    The parameter preselection preselects the home organisation. The optional parameter redirect can be enabled to skip the OLAT home organisation selection screen and redirect immediately to the home organisation named in the parameter preselection.