Authentication services sit between client programs and secured services. Boston University supports three types of authentication services which can be integrated with applications: Shibboleth, Kerberos, and Weblogin. An application leveraging these services can then control client access based on the standard BU login names and passwords and, optionally, DUO.

Benefits

The use of Authentication Services simplifies the management and improves the usability of applications by allowing the use of BU accounts for access.

Key Features

• Enables use of a single password for multiple applications
• Leverages account management over multiple applications
• Simplifies access to third-party applications and services

What to Expect

This service normally will be available 24 by 7 except for standard change windows, as described in IS&T’s standard policies, procedures, and schedules for making changes.

Requirements

Shibboleth:

• Application must be capable of being a Shibboleth Service Provider (SP); see the Shibboleth Configuration Information for Application Admins page for details
• Application can be hosted on-premises or off-premises

Kerberos:

• Host system for the application must be BU Linux (5 or 6), Solaris (8 or 10), or Windows Server (2016 or 2012)
• Host system must be on the BU campus network
• Time clock on the host system must be synchronized with a Network Time Server

Multifactor Authentication:

• Host system or service must be able to integrate with the DUO integration API. A full list of compatible services is here.

Getting Started

• InCommon Federation: See the Participant Operational Practices
• Kerberos: On the Kerberos support page, click on the “Submit a Service Request” link.
• Shibboleth: See the Service provider checklist
• Multifactor Authentication: See the DUO Support page.