OIT Authentication Services

OIT supports authentication and authorization using the NetID and NetID password via the following protocols:

  • CAS (Central Authentication Service)
  • Shibboleth
  • LDAP
  • Active Directory

CAS is a web-based single sign-on protocol that uses the statewide LDAP directory system as its authentication and authorization database. After successful authentication, CAS uses SAML to return authorization information such as affiliation (student, faculty) or identifiers such as the tnUniqueID that may be used by the application to determine whether the user should have access to the service and to match the user to existing accounts within the application.
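An added example (not OIT's code or part of the original article) of the application-side step described above: read the attributes from a CAS SAML response, then decide access and match the user to a local account, denying on any failure. It assumes the SAML 1.1 response shape returned by CAS's `samlValidate` endpoint, fetched by the application directly from the CAS server over TLS; the attribute names, sample values, account table and affiliation policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample response; attribute names and values are assumptions.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:00:30Z"/>
    <saml:AttributeStatement>
      <saml:Attribute AttributeName="affiliation">
        <saml:AttributeValue>student</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute AttributeName="tnUniqueID">
        <saml:AttributeValue>TN-0001</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

LOCAL_ACCOUNTS = {"TN-0001": "acct-17"}      # hypothetical application account table
ALLOWED_AFFILIATIONS = {"faculty", "staff"}  # hypothetical access policy

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(response_xml, now):
    """Return the matched local account id, or None. Every failure path denies."""
    try:
        root = ET.fromstring(response_xml)
        status = root.find("samlp:Status/samlp:StatusCode", NS)
        if status is None or status.get("Value", "").split(":")[-1] != "Success":
            return None
        cond = root.find("saml:Assertion/saml:Conditions", NS)
        if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
            return None  # assertion used outside its validity window
        attrs = {}
        for a in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
            attrs[a.get("AttributeName")] = [
                v.text.strip() for v in a.findall("saml:AttributeValue", NS) if v.text]
    except (ET.ParseError, AttributeError, TypeError, ValueError):
        return None  # malformed or incomplete response: deny
    ids = attrs.get("tnUniqueID", [])
    if len(ids) != 1 or not ALLOWED_AFFILIATIONS & set(attrs.get("affiliation", [])):
        return None  # ambiguous identifier or no permitted affiliation
    return LOCAL_ACCOUNTS.get(ids[0])  # None when no local account matches
```

Matching on the unique identifier rather than a display name or e-mail address keeps the account link stable when those values change.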

Shibboleth is a single sign-on technology that supports both federated access to Internet-based services and access to local applications, using the statewide LDAP directory as its authentication and authorization database. UT is a member of both the InCommon and the eduGAIN federations. Shibboleth provides the option of limiting access to an application based on defined authorization attributes such as affiliation or campus. It can also return authorization information to the application using SAML.

If an application cannot support CAS or Shibboleth, authentication using LDAP is available. Note that authorization options may be limited when using LDAP unless the application is written to retrieve authorization attributes at the time of authentication.

Active Directory is a Microsoft-developed directory service used by Windows servers, workstations, and other devices. Active Directory has limited access to authorization information but does provide user-manageable security groups for authorizing access to services.

Submit a request online if you have any questions about these authentication services or to get started using them.

Details

Article ID: 123053
Created: Mon 12/21/20 9:23 AM
Modified: Fri 10/22/21 9:35 AM
Environment: Active Directory (AD), Central Authentication Service (CAS)