Web-Login (Shibboleth)

The HRZ offers a central Shibboleth Identity Provider for login to web services:

When you log in, you will be personally identified by your Uni-Account and asked to confirm the transfer of service-specific user data to the respective web service. The web service then uses this data to decide whether you are authorized to access the service or not.

Target group:

Students, staff, external people


  • A personal, central user account (Uni-Account) is required.
  • A token for Two-Factor Authentication may be required for security-critical web services.
  • Since the Shibboleth architecture always focuses on the personal identity and its authorizations, a login with functional accounts is not supported.
  • The target service must be connected to our Shibboleth-IdP via a SAML2, CAS or OIDC interface.
  • Authorization for an “institutional login” for external IT services which depend on a license (such as online literature and software downloads) is only granted to formally defined user groups.
  • Who is authorized to use Shibboleth?

    In principle, all members and guests of the Philipps-University (and affiliated institutions) who have a personal Uni-Account can use Shibboleth.

    Please note that the respective web service itself decides whether you are personally authorized to access it. In addition, there are general restrictions when accessing external IT services, see the following section.

  • Who is authorized to access external IT services with Shibboleth?

    For contractual reasons, Shibboleth may only be used to access external IT services by groups of people who are also members of the university as defined in the license agreements. Some IT services even require that people have also been identified centrally by means of ID card or certificate documents, and that the legal affiliation is regularly and bindingly stored and maintained within a database. Unfortunately, these requirements are not yet met for all groups of people at the University of Marburg.

    Currently, only the following groups of people, centrally registered by the university, are granted access:

    • Professors (with current employment relationship as well as emeriti and retired)
    • Employees (with current employment relationship)
    • Doctoral students (after self-registration and confirmed doctorate request in Marvin)
    • Students (with valid enrollment)
    • Certificate course participants

    “Employment relationship” in each case means current employment with the State of Hesse, represented by Philipps University or the UKGM Marburg.

    Access is planned for the following groups of people (not yet registered centrally):

    • Non-scheduled professors
    • Honorary professors
    • Private lecturers
    • Habilitation students
    • Lecturers

    All guests of the University are ineligible. However, the following groups of people can access literature on computers within the university even without Shibboleth:

    • Guest auditors
    • Guests in the guest house
    • Lecturers, if they do not have a teaching contract
    • Doctoral students without a current employment contract / enrollment / acceptance as a doctoral student
    • Students from other universities
    • Guests in general
    • Continuing education without enrollment
    • Cooperation partners
    • Retired employees (as long as they are not emeriti or retired professors)
    • Alumni

    Not entitled (as not covered by corresponding license agreements) are in particular:

    • External people not involved in research and teaching
    • Hessisches Staatsarchiv
    • Herder-Institut
    • MPI

  • Which IT services are available?

    The Philipps-University Marburg itself provides only a few services that support login via web-login, e.g.

    • Marvin
    • Room booking for group and PC workstations
    • k-med

    Third-party services are provided through the DFN-AAI federation of the DFN-Verein (“German Higher Education and Research”) including the federations participating in the worldwide eduGAIN interfederation, see:

    Whether the login and access actually work depends on contractual agreements between the individual providers and the Philipps University, as well as on the availability of the required user attributes. It does not matter whether the Philipps University Marburg already appears in the selection list of a web service for “Institutional Login”.

    Shibboleth login for the publishers' websites has been implemented in cooperation with the university library since fall 2015. For most publishers whose online media you can find in the KatalogPlus or OPAC, the registration already works, see:

  • How can I check my authorization for external IT services?

    To determine if you are authorized to access third-party services, please look for the line “Shibboleth (web login)” in the HRZ's identification data query:

  • Alternative ways to access literature (without Shibboleth)

    For home access to media that require a license, EZproxy access is available as an alternative, see External Online Access (University Library info page).

    In the PC pools and offices of Philipps University, you can access most media that require a license even without Shibboleth or EZproxy access.

  • Whom do I contact when having access problems?

    The e-media team of the University Library will be happy to support you if your Uni-Account only has EZproxy access and e.g. you cannot access the media of a single publisher, see External online access (German info page of the University Library) in the section "Wen kontaktiere ich bei Zugangsproblemen?".

    If your university account lacks Shibboleth authorization for external IT services even though you have regular employment with the state of Hesse, feel free to contact the Shibboleth team at the HRZ directly. It is possible that your contract data has not yet been linked to your Uni-Account.


  • Login

    You must perform the following steps separately for each web service:

    • First open the website of the desired service (e.g. Marvin or a publisher's website).
    • Then click on the corresponding login link there (e.g. “log in with university account”; for external IT services usually “Sign in” / “Institutional login”, then “German Higher Education” / “DFN-AAI” and “Philipps-University Marburg”).

    You are now on the login page. Please enter your Uni-Account and your personal password.

  • Option “Don't remember login for further services”

    With this option, you are asked to enter your password again for each additional web service you want to log in to.

  • Option “Clear prior granting of permission for release of your information to this service”

    This option withdraws the consent to data transfer for the accessed web service, i.e. you will see the previously transferred data again.

  • Enter the 2FA token (e.g. TAN token, App token, YubiKey token)

    For security-critical web services, an additional web page may appear after the password check, where you must enter your 2FA token. See Two-factor-authentication for details.

  • Information release

    To verify your access authorization, the provider of each web service needs various data. Usually, only the most necessary data is transferred for literature access, i.e. the provider only learns, for example, that you are a student or employee at the University of Marburg. In the context of electronic teaching and learning portals (e-learning), it may also be necessary to transfer your full name, your department and other personal data.

    The preview of the data to be transferred shows in detail which data is released. This compilation is created and displayed individually each time you log in to a web service, before you log in to a third-party web service with this data for the first time. The data is transferred to the web service only after you give your consent.

    A complete list of all your data that can be used for transfer can be obtained via the web-login self-disclosure.

  • Logout

    Please use the central Sitzung beenden (Logout) function to log out from Web-Login and all recently used services.

    Unfortunately, not all web services support logout so far. This means that the central logout may fail for individual services.

    For your safety, you should disable session restore in your web browser settings, or alternatively delete all cookies at the end of your session. Then, at the end of your session, close all tabs and exit the web browser.