UB Information Technology
Central Campus Web Hosting Server > UBITname Authentication

UBITname Authentication for Central Campus Web Server

UBITName Login authentication, based on Shibboleth, allows for single sign-on authentication to enabled services. Once authenticated, a user will no longer be prompted additionally for a UBITName and password as they go between UBITName Login-enabled services and websites. UBITName Login-enabled services continue to grow; a list is available at: http://ubit.buffalo.edu/login/services.php

FAQ

How To



FAQ

What is shibboleth?

Shibboleth is standards-based, open source middleware software which provides Web Single SignOn (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. More information is available at shibboleth.internet2.edu



How To

Allow access to any valid UBITname.

Create a file called .htaccess in your directory. The file should contain the following lines which are required:


AuthType shibboleth
AuthName "UBITname Login"
ShibRequireSession on
Header append Cache-Control "private"
require valid-user

Allow access only to a specifc wings group.

Create a file called .htaccess in your directory. The file should contain the following lines which are required:


AuthType shibboleth
AuthName "UBITname Login"
ShibRequireSession on
Header append Cache-Control "private"
require wingsgroup ~ ^group1$

where group1 is a valid group available on wings.

Note: For groups that contain an underscore "_" in their name, you will need to replace the underscore with a forward slash "/". Groups that contain a hyphen or dash "-" will work with no modification.

You can require more than one group with a line such as:

require wingsgroup ~ ^group1$ ^group2$ ^group3$

Allow access by a specifc list of UBITnames.

Create a file called .htaccess in your directory. The file should contain the following lines which are required:


AuthType shibboleth
AuthName "UBITname Login"
ShibRequireSession on
Header append Cache-Control "private"
require user ubitname1 ubitname2 ubitname3

where ubitname1, ubitname2, ubitname3, etc. are valid UBITnames. Make sure all names are on one line with no breaks or line wraps.

Allow access based on affiliation.

Create a file called .htaccess in your directory. The file should contain the following lines which are required:


AuthType shibboleth
AuthName "UBITname Login"
ShibRequireSession on
Header append Cache-Control "private"
Require unscoped-affiliation ~ affiliation

where affiliation is either staff, faculty, student, alum, volunt, or retiree. The "|" character can be used to denote "or". For example,


Require unscoped-affiliation ~ staff|faculty

would allow access to Staff or Faculty, but not Students or any other group.

Allow access only to UBITnames that have paid the Comprehensive / Technology Fee.

Create a file called .htaccess in your directory. The file should contain the following lines which are required:


AuthType shibboleth
AuthName "UBITname Login"
ShibRequireSession on
Header append Cache-Control "private"
require wingsgroup ~ ^ub/access/publabs$

Get additional help

If you have any questions, please fill out the Special Requests Form and we will try to respond as soon as possible. More information about the UBITName Login service is available at http://ubit.buffalo.edu/login/.




For questions and comments regarding this page or the Central Campus Web Hosting Service, please submit a request.