Yes. But it's worth adding that MIT also uses a Shibboleth implementation (locally called Touchstone). On many core sites, Touchstone handles authentication to the specific web servers. Touchstone itself can be authenticated to with either the individual X509 client cert or their password. Many people use password authentication with the Touchstone server even though MIT has a website that (usually successfully) auto-generates and installs the certificate in the user's browser.