The login gateway provides a federated Web Single Sign-On (SSO) solution, which enables login to Newcastle University web applications using a standard user name and password. As the technology is federated, a user can also access resources provided by other institutes or service providers, such as e-journals, without the need to re-authenticate. This allows application developers to provide an improved user experience, as users won’t be required to continuously authenticate to access resources.
The login gateway enables developers to concentrate on writing applications rather than dealing with access control and security. This is done by providing the technology for users to configure their web service to be a service provider. The service provider integrates with the University’s login gateway Identity Provider (IdP) server. The login attempt of a user therefore occurs on a separate server, so the application developer does not have to worry about the security of the login process.
The service also makes it possible to offer a more personalised service to users through user attributes such as email address and username, allowing application developers to tailor their applications exactly to users’ needs.
University members of staff who are systems administrators or application developers for official University systems can use this service.
External developers are able to make use of the service in the development of official University systems; a Newcastle University member of staff must be the main contact for any request.
Consultation, advice and guidance: 09:00-17:00, Monday to Friday, excluding University closure periods.
The service is available 24 hours a day, 7 days a week.
The “at risk” period is 07:00-09:00 every Tuesday. Further planned maintenance times will be publicised in advance if there will be a disruption to the service.
Two levels of service are provided dependent on the user’s request;
To ensure the continuous availability of a user’s service provider, the supporting IdP infrastructure is configured to be dual-headed. There are two IdPs: one which provides both auto login and form login and another which supports just form login. This means that as long as one of the IdPs is available, the deployed service provider will be able to successfully authenticate users.
User attributes which are made available as part of the service are released as part of the login process and are exposed via the Identity Provider. The database which contains user attributes is backed up on a nightly basis; in the event of a database outage it will take up to a day to restore full user attributes. Default user attributes, such as the user’s login ID, will still be available, which will still allow a user to log in to the majority of applications, as required.
Login Gateway documentation can be found at http://www.ncl.ac.uk/itservice/login-gateway/.
Additional support is available via the IT Service Desk on 5999 or firstname.lastname@example.org.
All incidents relating to this service will be handled according to the IT Service Incident Management and Major Incident Management processes.
Requests for any other aspect of the service should be made via the IT Service Desk on 5999 or email@example.com.
All requests relating to this service will be handled according to the IT Service Request Fulfilment process.
The user needs to keep the packages and any security certificates that are required to run the service up to date, so that the service is able to run as required.
Application owners should provide relevant information to their end users with regard to the login experience. For example, a user should use their Newcastle University login ID and password if prompted via a service login page.