Single Sign On:Layout-2019

From CT Wiki
(Difference between revisions)
(What is changing?)
(What is changing?)
Line 6: Line 6:
  
 
In July 2019, the visual appearance of the login page will change. This is an intended change, and the new service is as safe as the current one.  
 
In July 2019, the visual appearance of the login page will change. This is an intended change, and the new service is as safe as the current one.  
It will look like this on your desktop and laptop browser:
+
It will look like this on your desktop and laptop browser, respectively on your hand-held or small-screen mobile device:
  
 
[[File:sso2019-desktop.jpg|720px]] [[File:sso2019-mobile.jpg|240px]]
 
[[File:sso2019-desktop.jpg|720px]] [[File:sso2019-mobile.jpg|240px]]
 
 
and like this on your hand-held or small-screen mobile device:
 
 
[[File:sso2019-mobile.jpg|240px]]
 
  
 
= What is in it for me? =
 
= What is in it for me? =
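
Review bot: In the merged sentence ("It will look like this on your desktop and laptop browser, respectively on your hand-held or small-screen mobile device:"), the word "respectively" does not tell the reader which of the two images on the following line is the desktop view and which is the mobile view. Suggest naming the positions, for example "on your desktop or laptop browser (left) and on your hand-held or small-screen mobile device (right):". The unchanged image line already carries both sso2019-desktop.jpg and sso2019-mobile.jpg, so dropping the separate [[File:sso2019-mobile.jpg|240px]] line removes a duplicate image and looks correct.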

Revision as of 16:23, 10 July 2019

Nikhef SSO Service Changes

The Nikhef single sign-on (SSO) service enables you to log in to a wide range of services using a single credential, and to seamlessly connect to new applications for many hours, almost the whole day, without having to log in again.

What is changing?

In July 2019, the visual appearance of the login page will change. This is an intended change, and the new service is as safe as the current one. It will look like this on your desktop or laptop browser and on your hand-held or small-screen mobile device, respectively:

Sso2019-desktop.jpg Sso2019-mobile.jpg

What is in it for me?

This change is necessary for the following new features:

  • capabilities for new services using the OpenID Connect protocol
  • improved rendering of the SSO web pages on small, hand-held devices

Other improvements and changes will happen over time. Some of these are already experimentally available, others may follow:

  • ability to authenticate with higher assurance level using two-factor authentication
  • ability to authenticate with certificate credentials
  • compliance with the global interfederation assurance profiles ("REFEDS RAF")
  • non-web authentication using OIDC JWT tokens, e.g. for single-sign-on access to dCache without certificates

Why did this change happen now?

The ability to provide OpenID Connect (OIDC) authentication capabilities is necessary for modern applications (like popular CI/CD tools), but also for non-web authentication from the command line. Our SSO software, SimpleSAMLphp, only has OIDC support in the latest versions, and then with modules that require the use of the 'new UI' user interface suite based on the Symfony-Twig responsive web design frameworks. Adding the OIDC capability we needed for connecting dCache and other portals therefore triggered a complete upgrade cascade: a new version of SimpleSAMLphp, use of Packagist frameworks, and through the OIDC module also the 'usenewui' Twig changes, and so forth.
