Common Advantages
- Eliminates the need for you to manage usernames and passwords for your applications, allowing users to access your application using their centrally managed Duck ID username and password.
- Provides a common central login service for authentication, rather than having the username and password processed by each application.
- Allows for single sign-on among applications, allowing the user to move from application to application without having to re-enter a username and password.
CAS
CAS provides proxy authentication by redirecting your application login to our central CAS login service where the user authenticates using his or her Duck ID username and password.
CAS can also provide single sign-on among other CAS enabled applications.
See JA-SIG's CAS site for more information.
CAS Application Integration Instructions
Shibboleth
Shibboleth, like CAS, provides authentication by redirecting your application login to our central Shibboleth login service where the user authenticates using his or her Duck ID username and password. Shibboleth also provides single sign-on among other Shibboleth-enabled applications.
Additional features of Shibboleth include attribute delivery and federated services. Attribute delivery allows for the passing of attribute information back to your application during the authentication exchange. The attribute data can be pulled from LDAP, SQL databases or other sources.
Federated identity services provide collaboration between organizations allowing for single sign-on and a common set of attributes and policies for the exchange of information about their users.
See Internet2's Shibboleth site for more information.
Shibboleth Application Integration Instructions
Choosing between CAS and Shibboleth
Information Services recommends Shibboleth where possible rather than CAS. Since Shibboleth is the preferred solution for centrally managed services, if you want single sign-on capabilities with these services, you’ll need to use Shibboleth. In addition, even if you don’t think you need some of the Shibboleth specific functionality like attribute delivery now, you’ll be ready to add this in the future if it becomes a requirement.
We are recommending CAS only in situations where it is the only solution supported by the application vendor, where single sign-on with central systems is not a priority, or where there are limited departmental IT resources for supporting Shibboleth.
Requesting Access
Send an email containing the following information to wso-request@ithelp.uoregon.edu
- Your Department
- Which Web Sign-on service are you requesting access to (CAS or Shibboleth)?
- Date access needed by
- Technical and support contacts for this application (Provide name, title, email address and phone number for each)
- Application/Service name and URL
- Operating system, web server, and programming language
- Description of Application/Service
- Who uses this application (e.g. faculty, staff, students, other)?
- If requesting access to Shibboleth, list any attributes other than the Duck ID username you would like access to.
If application is managed or hosted by a 3rd party, also include the following information.
- Do you have administrative access to the server(s) that the application runs on?
- Is the server(s) that the application runs on maintained by a 3rd party vendor?
- Is the application hosted at an off-campus location?
