Who is this document for?
This document is targeted for administrators/developers considering SSO for their web service.
What are its benefits?
- Grant both users from Sheridan and other Educational Institutions access to your service.
- Your users login once to access many different services
- Easily manage user information (passed to your service as environment variables)
- Authorization is managed by your service, decision can be based on user information (ie. staff/student, username, department, school)
- secure: password never leaves the Identity Provider. User authenticates from a single, trusted, well known location.
- privacy preserving: The Identity Provider only sends public information (eg. name, email) and it knows nothing about the service the user is accessing.
- avoid managing local authentication and separate accounts
- Support for different authentication methods. Currently username/password, two-factor authentication, and single sign-on is provided.
How does Sheridan implement SSO?
Sheridan uses the SAML v2.0 specification to implement Single Sign-On. This image illustrates the SAML flow nicely between SLATE and Sheridan College.
We use the Shibboleth software to implement the SAML specification.
How do I configure my web service for SSO?
It depends on your service. It may support SAML natively or require plugins, packages, or source files to be installed and configured. Email servicedesk@sheridancollege.ca regarding your service and a member from ICT will respond promptly and work with you to see what's involved.