What Is It?
Single Sign-On (SSO) is an authentication method that allows users to log in with a single ID and password to any of several related, yet independent, software systems. UIC's primary SSO option is Shibboleth.
Other Service Names
Single Sign-On (SSO)
Features
Bluestem
Bluestem was once the primary single sign-on authentication method supported at UIC. Only UIC users can authenticate via Bluestem. The Bluestem system is no longer available for new requests and will be shut down by the end of 2023.
Shibboleth Framework
Shibboleth is a federated identity framework that allows applications to connect to various authentication services on the Internet, including UIC's Bluestem. Shibboleth Identity Provider is centrally maintained to provide SAML compliant authentication services. These services limit reuse and exposure to user credentials by multiple services.
Shibboleth can be used to allow access to your application to any Organization on the Internet that supports SAML. Conversely, it can also be used to allow UIC users access to third-party applications that support SAML using their UIC credentials.
Requirements
If an individual or unit is capable of running their own Web server (i.e. physically secure room, maintain security patches, manage user accounts, run backups, install and troubleshoot software, keep, and inspect logs, or use a Technology Solutions’ Virtual Machine), they can make their web server into a Shibboleth Client application server. This will allow web scripts to authenticate clients, using their normal UIC NetID and password, in a very secure manner.
Shibboleth Requirements
When one uses an online service, there are two primary actions associated with access:
- Authentication verifies who you are and is the act of ensuring that the person with the credential (login id for example) is the same person that the organization has on file as having permission to use that credential. The verification is done using a password or some other mechanism.
- Authorization is about what you can do and is the act of granting access to the authenticated individual based on role, organizational affiliation, and the like.
If a cloud service requires authentication to UIC Active Directory, a UIC employee needs to request Shibboleth integration to authenticate UIC users and grant access. It is preferred that the third-party application be registered with the InCommon Federation to prevent disruptions when changes occur with the identity provider information.
Shibboleth, A Project of the Internet2 Middleware Initiative
Shibboleth - InCommon
Who Is Eligible To Use It?
Where Can I Get It?
Select the Request Shibboleth button on this page.
How Do I Use It?
How is Shibboleth used at UIC?
How Much Does It Cost?
This service is funded by the University; there are no direct costs to clients.
How Can I Get Support?
If you are experiencing a problem with this service, please report it. If you just have a question, feel free to ask us.
Service Levels
Service Request Fulfillment Time |
4 business days
|
Incident Resolution Time |
4 business days |
Service Availability |
24x7 |
Maintenance Window(s) |
Approved Technology Solutions maintenance window(s)
|
Service Notification Channel(s) |
IT Service Notices |