Integrate IU Login with a web application
Overview
At Indiana University, you can integrate IU Login into your web application to provide single sign-on authentication. IU Login supports a variety of protocols, each of which accommodates different application requirements. If your web application is within Enterprise Systems or you're interested in recommendations, review these practices for managing access by the Technology Advisory Group (TAG).
auth-discuss-l mailing list. To subscribe, email auth-discuss-l-subscribe@iu.edu.
Choose an authentication protocol
To help you determine which authentication solution best suits your service, use the following table to compare how each protocol accommodates the requirements your service may have:
Requirement | CAS | SAML | OIDC | ECP |
---|---|---|---|---|
Recommendation 1 | Hold | Adopt | Adopt | Trial |
Protocol(s) supported | CAS 2.0 | SAML 1.0 and 2.0, and features up to Shibboleth 4.0.1 | OpenID Connect | SAML 1.0 and 2.0, and features up to Shibboleth 4.0.1 via Enhanced Client or Proxy |
Infrastructure | IU Login 2.0 | IU Login 2.0 | IU Login 2.0 | IU Login 2.0 |
Service URL support | HTTPS only | HTTPS only | HTTPS only | HTTPS only |
University account attributes returned | Username only | | | |
IU Guest email login support | Yes | Yes | Yes | No |
IU Guest social login support | No | Yes; Facebook, Google, Microsoft | Coming in future release | No |
IU Health login support | Yes | Yes | Yes | Yes |
Unified login experience | No | Yes | Yes | Yes |
Custom app code support | Retired; IU application codes are no longer supported | Not supported | Not supported | Not supported |
Authorization support | Rigid authorization configuration 3 | Flexible authorization configurations | Flexible authorization configurations | Flexible authorization configurations |
Recommended library | Apereo | Not necessary | Not necessary | Not necessary |
Knowledge Base instructions | Connect to IU Login with the CAS protocol | Connect to IU Login with the SAML protocol | Connect to IU Login with the OpenID Connect protocol | Coming soon |
Recommendation 1: For details, see the TAG legend.
IU email address 2: This is officially referred to as eduPersonPrincipalName, or ePPN.
Supported attributes
Most of the protocols above support eduPerson values, which are detailed in the REFEDS specification. Some of the attributes are public, while others are restricted and require Data Steward approval.
Public attributes
- Primary Email (johnnydo@iu.edu)
- Display Name (Johnny Doe)
- First Name (Johnny)
- Last Name (Doe)
- eduPersonPrincipalName (johnnydo@iu.edu)
Restricted attributes
- University ID (0123456789)
- eduPersonScopedAffiliation (staff@iu.edu)
- eduPersonEntitlement (service-specific)
Migrate to IU Login 2.0
Applications integrated with the legacy infrastructure were expected to migrate to IU Login 2.0 by June 15, 2021.
To begin the migration process, first identify your application's authentication protocol.
CAS protocol
- Complete the CAS Integration Request form.
- When you are notified that the integration has been set up, update your application to connect to the new infrastructure. For details, see How CAS works at IU.
- This step may be completed for both production and pre-production environments.
SAML protocol
- Complete the SAML Integration Request form.
- When you are notified that the integration has been set up, have your application's identity provider updated. For details, see Values for connecting your application to IU Login with the SAML protocol.
- This step may be completed for both production and pre-production environments.
OpenID Connect (OIDC) protocol
- Complete the OpenID Connect (OIDC) Integration Request form.
- When you are notified that the integration has been set up, have your application's identity provider updated. For details, see Values for connecting your application to IU Login with the OpenID Connect (OIDC) protocol. (new KB submitted shortly).
- This step may be completed for both production and pre-production environments.
This is document atfc in the Knowledge Base.
Last modified on 2024-07-05 14:57:15.