diff --git a/config/vufind/config.ini b/config/vufind/config.ini
index 80cac1f7688db979899bde3a35c3488769873041..23f5fde9509f39e41e70809040dea1b46fbb21e9 100644
--- a/config/vufind/config.ini
+++ b/config/vufind/config.ini
@@ -435,32 +435,29 @@ database          = mysql://root@localhost/vufind
 ;port            = 6002
 
 ; Shibboleth is optional.  This section only needs to exist if the
-; Authentication Method is set to Shibboleth.
+; Authentication Method is set to Shibboleth. Be sure to set up authorization
+; logic in the permissions.ini file to filter users by Shibboleth attributes.
 ;[Shibboleth]
-
+; Server param with the identity provider entityID if a Shibboleth session exists.
+; If omitted, Shib-Identity-Provider is used.
+;idpserverparam = Shib-Identity-Provider
 ; Optional: you may set attribute names and values to be used as a filter;
 ; users will only be logged into VuFind if they match these filters.
 ;userattribute_1       = entitlement
 ;userattribute_value_1 = urn:mace:dir:entitlement:common-lib-terms
 ;userattribute_2       = unscoped-affiliation
 ;userattribute_value_2 = member
-
 ; Required: the attribute Shibboleth uses to uniquely identify users.
 ;username              = persistent-id
-
 ; Required: Shibboleth login URL.
 ;login                 = https://shib.myuniversity.edu/Shibboleth.sso/Login
-
 ; Optional: Shibboleth logout URL.
 ;logout                = https://shib.myuniversity.edu/Shibboleth.sso/Logout
-
 ; Optional: URL to forward to after Shibboleth login (if omitted,
 ; defaultLoggedInModule from [Site] section will be used).
-;target                = http://shib.myuniversity.edu/vufind/MyResearch/Home
-
-; Optional: provider_id parameter to pass along to Shibboleth login.
+;target                = https://shib.myuniversity.edu/vufind/MyResearch/Home
+; Optional: provider_id (entityId) parameter to pass along to Shibboleth login.
 ;provider_id           = https://idp.example.edu/shibboleth-idp
-
 ; Some or all of the following entries may be uncommented to map Shibboleth
 ; attributes to user database columns:
 ;cat_username = HTTP_ALEPH_ID
diff --git a/module/VuFind/src/VuFind/Auth/Shibboleth.php b/module/VuFind/src/VuFind/Auth/Shibboleth.php
index d8308b14016b48141e2759eb9e4376f4bcf2d4df..6dc42679278179d664874db7303fb9981ebb6bcc 100644
--- a/module/VuFind/src/VuFind/Auth/Shibboleth.php
+++ b/module/VuFind/src/VuFind/Auth/Shibboleth.php
@@ -4,7 +4,7 @@
  *
  * PHP version 5
  *
- * Copyright (C) Villanova University 2010.
+ * Copyright (C) Villanova University 2014.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2,
@@ -22,6 +22,8 @@
  * @category VuFind2
  * @package  Authentication
  * @author   Franck Borel <franck.borel@gbv.de>
+ * @author   Jochen Lienhard <lienhard@ub.uni-freiburg.de>
+ * @author   Bernd Oberknapp <bo@ub.uni-freiburg.de>
  * @author   Demian Katz <demian.katz@villanova.edu>
  * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
  * @link     http://www.vufind.org  Main Page
@@ -35,12 +37,16 @@ use VuFind\Exception\Auth as AuthException;
  * @category VuFind2
  * @package  Authentication
  * @author   Franck Borel <franck.borel@gbv.de>
+ * @author   Jochen Lienhard <lienhard@ub.uni-freiburg.de>
+ * @author   Bernd Oberknapp <bo@ub.uni-freiburg.de>
  * @author   Demian Katz <demian.katz@villanova.edu>
  * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
  * @link     http://www.vufind.org  Main Page
  */
 class Shibboleth extends AbstractBase
 {
+    const DEFAULT_IDPSERVERPARAM = 'Shib-Identity-Provider';
+
     /**
      * Validate configuration parameters.  This is a support method for getConfig(),
      * so the configuration MUST be accessed using $this->config; do not call
@@ -59,6 +65,7 @@ class Shibboleth extends AbstractBase
             );
         }
 
+        // Throw an exception if no login endpoint is available.
         if (!isset($shib->login)) {
             throw new AuthException(
                 'Shibboleth login configuration parameter is not set.'
@@ -151,7 +158,7 @@ class Shibboleth extends AbstractBase
                                                     // proxies others
 
         if (isset($config->Shibboleth->provider_id)) {
-            $sessionInitiator = $sessionInitiator . '&providerId=' .
+            $sessionInitiator = $sessionInitiator . '&entityID=' .
                 urlencode($config->Shibboleth->provider_id);
         }
 
@@ -230,4 +237,4 @@ class Shibboleth extends AbstractBase
 
         return $sortedUserAttributes;
     }
-}
+}
\ No newline at end of file
diff --git a/module/VuFind/src/VuFind/Role/PermissionProvider/Factory.php b/module/VuFind/src/VuFind/Role/PermissionProvider/Factory.php
index f2f1ee84249e311c752a03e36f3413160ff0010d..8251bfa1ca90f54e9dac23662de87da6f1756a81 100644
--- a/module/VuFind/src/VuFind/Role/PermissionProvider/Factory.php
+++ b/module/VuFind/src/VuFind/Role/PermissionProvider/Factory.php
@@ -86,7 +86,10 @@ class Factory
      */
     public static function getShibboleth(ServiceManager $sm)
     {
-        return new Shibboleth($sm->getServiceLocator()->get('Request'));
+        return new Shibboleth(
+            $sm->getServiceLocator()->get('Request'),
+            $sm->getServiceLocator()->get('VuFind\Config')->get('config')
+        );
     }
 
     /**
diff --git a/module/VuFind/src/VuFind/Role/PermissionProvider/Shibboleth.php b/module/VuFind/src/VuFind/Role/PermissionProvider/Shibboleth.php
index efbb30997fb4e0dc418863c09e18745a7a7c41ee..b366bec2535a35aa8c7eb035a8d3d27e8fa34540 100644
--- a/module/VuFind/src/VuFind/Role/PermissionProvider/Shibboleth.php
+++ b/module/VuFind/src/VuFind/Role/PermissionProvider/Shibboleth.php
@@ -29,6 +29,8 @@
  */
 namespace VuFind\Role\PermissionProvider;
 use Zend\Http\PhpEnvironment\Request;
+use VuFind\Auth\Shibboleth as ShibbolethAuth;
+use VuFind\Role\PermissionProvider\ServerParam;
 
 /**
  * Shibboleth permission provider for VuFind.
@@ -50,16 +52,28 @@ class Shibboleth extends ServerParam
      */
     protected $request;
 
+    /**
+     * Server param with the identity provider entityID
+     *
+     * @var string
+     */
+    protected $idpServerParam;
+
     /**
      * Constructor
      *
-     * @param Request $request Request object
+     * @param Request             $request Request object
+     * @param \Zend\Config\Config $config  VuFind configuration
      */
-    public function __construct(Request $request)
+    public function __construct(Request $request, $config)
     {
         parent::__construct($request);
 
-        $this->aliases = ['idpentityid' => 'Shib-Identity-Provider'];
+        $this->idpServerParam = isset($config->Shibboleth->idpserverparam)
+            ? $config->Shibboleth->idpserverparam
+            : ShibbolethAuth::DEFAULT_IDPSERVERPARAM;
+
+        $this->aliases = ['idpentityid' => $this->idpServerParam];
         $this->serverParamDelimiter = ';';
         $this->serverParamEscape = '\\';
     }
@@ -74,7 +88,8 @@ class Shibboleth extends ServerParam
      */
     public function getPermissions($options)
     {
-        if ($this->request->getServer()->get('Shib-Identity-Provider') === null) {
+        $this->debug('getPermissions: idpServerParam = ' . $this->idpServerParam);
+        if ($this->request->getServer()->get($this->idpServerParam) === null) {
             $this->logWarning('getPermissions: Shibboleth server params missing');
 
             return [];
diff --git a/module/VuFind/tests/unit-tests/src/VuFindTest/Role/PermissionProvider/ShibbolethTest.php b/module/VuFind/tests/unit-tests/src/VuFindTest/Role/PermissionProvider/ShibbolethTest.php
index af72ab2bd80581bb4371c5e5ba9c138504bebab0..337015ea295c4423e50287348705bbd1e01ececb 100644
--- a/module/VuFind/tests/unit-tests/src/VuFindTest/Role/PermissionProvider/ShibbolethTest.php
+++ b/module/VuFind/tests/unit-tests/src/VuFindTest/Role/PermissionProvider/ShibbolethTest.php
@@ -91,14 +91,16 @@ class ShibbolethTest extends \VuFindTest\Unit\TestCase
      * @param array $headers        Request headers
      * @param mixed $options        options as from configuration
      * @param array $expectedResult expected result returned by getPermissions
+     * @param array $config         VuFind configuration options
      *
      * @return void
      */
-    protected function checkShibboleth($headers, $options, $expectedResult)
-    {
+    protected function checkShibboleth($headers, $options, $expectedResult,
+        $config = []
+    ) {
         $request = new \Zend\Http\PhpEnvironment\Request();
         $request->setServer(new \Zend\Stdlib\Parameters($headers));
-        $shibboleth = new Shibboleth($request);
+        $shibboleth = new Shibboleth($request, new \Zend\Config\Config($config));
         $result = $shibboleth->getPermissions($options);
         $this->assertEquals($result, $expectedResult);
     }