Single Sign On

Audience: IT

Overview 

Bluestem is the primary single sign-on authentication method supported at UIC. Only UIC users can authenticate via Bluestem.

Shibboleth (SAML) is a framework that allows applications to connect to various authentication services on the Internet (including UIC's Bluestem SSO). Shibboleth can be used to allow access to your application from any organization on the Internet that supports SAML. Conversely, it can also be used to give UIC users access to third-party applications (that support SAML) using their UIC credentials. Note that such third-party applications must be registered with the InCommon Federation:

https://incommon.org

For more information regarding the yearly InCommon Federation fee structure see incommon.org/fees.html (sponsored partners).

Shibboleth Discovery Service - A discovery service is a web page that asks you to select your institution, after which you are redirected to that institution's authentication service. The discovery service for uofi.box.com (hosted by illinois.edu), for instance, asks you to select one of UIUC, UIC, or UIS. If you misclicked and selected the wrong institution, you can reset your selection for the illinois.edu discovery service by going to this link:

https://discovery.illinois.edu/discovery/DS

Features 

ACCC provides Bluestem protection for websites hosted on the webhost.uic.edu and people.uic.edu web servers, covering files, PHP programs, and CGI scripts. However, you may have data that requires extra-special protection (e.g. financial or medical), or you may want to run a web application (e.g. a database) or write in a language for which these main servers are not adequate.

In such a case, if you are capable of running your own web server (i.e. you can provide a physically secure room, maintain security patches, manage user accounts, run backups, install and troubleshoot software, and keep and inspect logs, or you use an ACCC Virtual Machine), you can make your web server into a Bluestem Client or Shibboleth Client application server. This will allow your web scripts to authenticate users, using their normal UIC NetID and password, in a very secure manner.

Requirements 

Bluestem on people and webhost

Requires the creation of an allowed.NetIDs file in the directory you want to protect.

Bluestem on a custom server

  • You must run an SSL-capable web server; Apache and IIS are both fine. The web server must also be configured to run CGI scripts.
  • You must obtain an SSL certificate.
  • You must be able to maintain your server, providing all the functions that a good system administrator would provide.

Cost 

There is no charge for this service.

Support 

Further Information 

ACCC Service Level Agreement (SLA)

Service Request Fulfillment Time

2-4 business days.

Incident Resolution Time

2-4 business days.

Service Availability

24x7

Maintenance Window(s)

Approved ACCC maintenance window(s): accc.uic.edu/service-status

Service Notification Channel(s)

ACCC News and Alerts: accc.uic.edu/news/all
REACH distribution email list.

Reviewed to Ensure SLA Meets Business Requirements

Provisional SLA - Currently under IT Governance review.

Date Reviewed

Provisional SLA - Currently under IT Governance review.