WebLogin

This page deals with setting up a server to use WebLogin.

If you’re having problems authenticating to WebLogin, please continue to http://www.bu.edu/pcsc/.

WebLogin is Boston University’s single sign on (SSO) system. It serves as the foundation for several other types of authentication (alumni, web accounts). It is based on a user name and Kerberos identity.

Authenticating through WebLogin looks like this:

WebLogin can be reached in many different ways. One way is through .htaccess protection. The NisGroup at OIT provides documentation about this here, but we’d like to add a few configuration directives by way of a sample .htaccess file:

File .htaccess:

 AuthType weblogin
 WebloginKTTL  900
 WebloginOption reason "Reason -- such as to protect your personal information"
 WebloginOption app "Name of Application; see above image"
 WebloginOption contact "<a href=\"mailto:someperson@somedomain.edu\">Contact Someone</a> or call 617-123-0000"
 WebloginOption description "Text describing your application."
 <Limit GET POST>
 require valid-user
 </Limit>

The WebloginKTTL is the lifetime of the authentication, in seconds. In the above example, 900 is 15 minutes. You can use this to require re-authentication every x seconds, depending on the security you wish to provide.

If you wish to require use of the SecurID token, you should add another line:

 WebloginOTTL 0

This will create another box in the WebLogin window that requires the SecurID to be used, creating a more secure authentication.

Sometimes, WebLogin is reached through means other than .htaccess. For example, through theXMLGateway. If this is the case, you may not be able to control the variables above without contacting the staff that maintain the code that is responsible for calling WebLogin.