Login Gateway

Service Description

The login gateway provides a federated Web Single Sign On Solution (SSO), which enables login to Newcastle University web applications using standard user name and password. As the technology is federated, it also means that a user can access resources provided by other institutes or service providers, without the need to re-authenticate e.g. e journals. This allows application developers to provide an improved user experience as users won’t be required to continuously authenticate to access resources.

The login gateway enables developers to concentrate on writing applications rather than dealing with access control and security. This is done by providing the technology for users to configure their web service to be a service provider. The service provider integrates with the University’s login gateway server Identity provider server (IdP). This means that the login attempt of a user occurs on a separate server, which means that the application developer does not have to worry about the security of the login process.

The service also provides the functionality to provide a more personalised service to users with the use of user attributes such as email address and username, allowing application developers to tailor their applications exactly to users’ needs.

Features

  • Limit access to folders/specific sites on the web allowing collaboration with a certain user base.
  • Allows auto login to resources (users do not need to enter user name and password via a form).
  • Filter access to resources for a specific user set, with varying levels of granularity. For example, on a fine-grained level, restrict access to a small research group. Less granular would be allowing access to all members of Newcastle University.
  • It provides user attributes which allow for the personalisation of services. An example of this would be to show students content based on the modules they are registered on. 
  • Users’ attributes can also be used to pre-populate web forms, helping to speed up form entry.
  • Allows inter-institutional collaborations, using a WAYF (where are you from?) screen which allows external users to identify the institution they are logging in from. The WAYF provides a list of all federated Identity providers so that external collaborators can access Newcastle University resources.

Users

University members of staff who are systems administrators or application developers for official University systems can use this service.

External developers are able to make use of the service in the development of official University systems; a Newcastle University member of staff must be the main contact for any request.

Service Hours

Consultation, advice and guidance: 09:00-17:00, Monday to Friday, excluding University closure periods.

The service is available 24 hours a day, 7 days a week.

The ISS “at risk” period is 07:00-09:00 every Tuesday. Further planned maintenance times will be publicised in advance if there will be a disruption to the service.

Level of Service

Two levels of service are provided dependant on the user’s request;

  • Support is provided to users for the installation of the login gateway service provider technology. This includes the provision of installation instructions and specimen configuration files.
  • Alternatively, ISS will carry out the installation of the technology for the user.

To ensure the continuous availability of a user’s service provider, the supporting IdP infrastructure is configured to be dual-headed. There are two IdPs: one which provides both auto login and form login and another which supports just form login. This will mean that as long as one of the IdPs is available, the deployed service provider will be able to successfully authenticate users.

User attributes which are made available as part of the service are released as part of the login process and are exposed via the Identify Provider. The database which contains user attributes is backed up on a nightly basis; in the scenario of a database outage it will take up to a day to restore full user attributes. Default user attributes, such as the users login ID, will still be available which will still allow a user to log in to the majority of applications, as required.

Support and Documentation

Login Gateway documentation can be found at http://www.ncl.ac.uk/itservice/login-gateway/.

Additional support is available via the ISS Service Desk on 5999 or it.servicedesk@ncl.ac.uk.

All incidents relating to this service will be handled according to the ISS Incident Management and Major Incident Management processes.

Request Process

  1. Email it.servicedesk@ncl.ac.uk declaring an interest in making use of the login gateway.
  2. The request should include information such as:
    • the URL of the site to be protected
    • the reason for wanting to protect the site
    • the user set that the resource will be accessible by e.g. internal and/or external staff
    1. If required, a meeting is arranged to discuss requirements in more detail and to provide a demonstration of the login gateway service.

    Requests for any other aspect of the service should be made via the ISS Service Desk on 5999 or it.servicedesk@ncl.ac.uk.

    All requests relating to this service will be handled according to the ISS Request Fulfilment process.

    User Responsibility

    The user needs to ensure that the packages and any security certificates that are required to run the service are kept up to date to ensure that the service is able to run as required.

    Application owners should provide relevant information to their end users with regards to the login experience. For example, a user should use their Newcastle University login ID and password if prompted via a service login page.

    Costs

    N/A