Authenticating Users

From MasonSRCT's Wiki

George Mason University provides several ways of allowing third-party applications to authenticate users with their university credentials.

LDAP

Lightweight Directory Access Protocol (LDAP) is a standard way of querying Microsoft domain servers for user information and for authenticating users. For more details about the protocol itself, see its entry on Wikipedia. This method is typically not recommended because it requires the application to handle the user's login credentials.

Configuration

George Mason University has several LDAP servers available for use. Below is the server typically used by SRCT. External access to the LDAP servers is closely monitored and abusive users are quickly blocked, so please respect the resources!

Host: directory.gmu.edu

Port: 636

Security: ssl

BindDN: ou=people,o=gmu.edu

Central Authentication Service

Jasig's Central Authentication Service (CAS) is a single sign-on protocol that allows us to authenticate users without having to handle the user's credentials. For more information about CAS, see Wikipedia. This is the recommended way to authenticate users.

Configuration

Server: login.gmu.edu

Port: 443

Path: /

Protocol Version: 2.0

Email Domain: masonlive.gmu.edu

Test Configuration

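The test server will accept any matching username/password pair (such as nander13:nander13). This is useful for debugging multiple user logins. Because it performs no real credential check, use it only during development and never configure it for a deployed application.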

Server: cas.srct.gmu.edu

Port: 443

Path: /login

Protocol Version: 2.0

Email Domain: masonlive.gmu.edu
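
The CAS 2.0 exchange behind these settings, as an added example that is not SRCT's own code: the application redirects the browser to /login, then validates the returned ticket server-side at /serviceValidate with the same service URL and trusts only the username in that response. It assumes Path is the CAS base path and that Email Domain is appended to the username; the service URL, ticket and sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # XML namespace of CAS 2.0 responses
# From the Configuration list above; Path "/" is treated as the base path (assumption).
CAS_BASE = "https://login.gmu.edu/"  # port 443 is the https default
EMAIL_DOMAIN = "masonlive.gmu.edu"

# Constructed sample responses in the CAS 2.0 /serviceValidate format.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>nander13</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def cas_url(endpoint, service, ticket=None):
    """Build the browser redirect ("login") or back-channel ("serviceValidate") URL.

    The service value must be identical in both calls or validation fails.
    """
    params = {"service": service}
    if ticket is not None:
        params["ticket"] = ticket
    return CAS_BASE.rstrip("/") + "/" + endpoint + "?" + urlencode(params)


def parse_service_response(xml_text):
    """Return (username, email) on success; raise ValueError on anything else."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("malformed CAS response") from exc
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        raise ValueError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError("CAS rejected ticket: " + failure.get("code", "UNKNOWN"))
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=CAS_NS)
    if not user or not user.strip():
        raise ValueError("no authenticated user in response")  # fail closed
    user = user.strip()
    # Email derivation from Email Domain is an assumption about how the setting is used.
    return user, user + "@" + EMAIL_DOMAIN
```

Fetch the serviceValidate URL over HTTPS with certificate verification enabled, since the response is the only proof of who logged in.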

Shibboleth

Shibboleth is another single sign-on protocol that allows us to authenticate users without having to handle the user's credentials. For more information about Shibboleth, see Wikipedia. This way of authenticating users is largely unexplored because using this provider requires a token from ITS.

Configuration

ProviderID: https://shibboleth.gmu.edu/idp/shibboleth