• Background Information
• Supported SSO Methods
• Overall Process and Responsibilities
• Technical Requirements
• Functional Notes
• Attribute Release
• Contact Information
Reclaim Hosting (RH) provides support for centralized NetID/password authentication and single sign-on (SSO) with the Domain of One’s Own environment. The Domain of One’s Own environment is characterized by a dedicated virtual server for the institution with Apache modules and/or PHP scripts to support the preferred authentication method (Shibboleth, CAS, LDAP).
Authentication via Shibboleth is available with the Domain of One’s Own server acting as an SP (Service Provider) application. Reclaim Hosting is also a member of the InCommon Federation and can submit metadata for your Domain of One’s Own environment for inclusion.
CAS authentication is supported via the phpCAS framework. Institutions wishing to integrate with CAS will need to whitelist (register as an allowed service) the URL of their Domain of One’s Own instance on the CAS server. Note: the CAS server must be configured to release attributes to the service (for example via CAS protocol 3.0 validation); otherwise the required attributes will need to be provided via a separate LDAP connection.
Reclaim Hosting can also integrate via a standard LDAP connection, using either a dedicated bind account or anonymous access, depending on the policies of the institution.
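A minimal phpCAS login handler, added here as an illustration rather than code from the page or from Reclaim Hosting. The CAS host, port, context path, service base URL, CA bundle path and attribute names are all assumptions an institution would replace; the point it shows is that the service base URL passed to phpCAS must be the URL the institution whitelisted, and that the handler has to cope with a server that releases no attributes.

```php
<?php
// Added example (not Reclaim Hosting's code): minimal phpCAS login handler for a
// Domain of One's Own instance. Hostnames, ports, paths and attribute names are
// placeholders the institution would substitute.

require_once __DIR__ . '/vendor/autoload.php'; // phpCAS via Composer (apereo/phpcas); path is an assumption

// "CAS Server URL and Port" supplied by the institution (hypothetical values).
$casHost    = 'cas.example.edu';
$casPort    = 443;
$casContext = '/cas';

// The service base URL must be exactly the URL whitelisted on the CAS server.
// phpCAS 1.6+ takes it as an explicit argument instead of deriving it from the
// Host header, so a mismatch is rejected by the server's service check rather
// than silently accepted.
$serviceBaseUrl = 'https://dooo.example.edu';

// CAS protocol 3.0 so released attributes arrive in the serviceValidate response.
phpCAS::client(CAS_VERSION_3_0, $casHost, $casPort, $casContext, $serviceBaseUrl);

// Validate the CAS server's TLS certificate against the system CA bundle.
// setNoCasServerValidation() exists for lab setups only; never use it in production.
phpCAS::setCasServerCACert('/etc/ssl/certs/ca-certificates.crt');

// Redirects to the CAS login page if there is no session; returns only once
// the ticket has been validated server-side.
phpCAS::forceAuthentication();

$netId      = phpCAS::getUser();
$attributes = phpCAS::getAttributes(); // [] when the server releases nothing

// 'mail' and 'displayName' are assumed attribute names; adjust to the release policy.
if (!isset($attributes['mail'], $attributes['displayName'])) {
    // The caveat from the text: without attribute release over CAS, these
    // values have to be fetched through a separate LDAP lookup keyed on $netId.
    error_log("CAS released no attributes for $netId; LDAP lookup required");
    http_response_code(500);
    exit('Attribute release is not configured for this service.');
}

$_SESSION['dooo_user'] = [
    'netid'       => $netId,
    'mail'        => $attributes['mail'],
    'displayname' => $attributes['displayName'],
];
```

If the whitelisted service URL and `$serviceBaseUrl` differ even in scheme or trailing path, the CAS server rejects the ticket validation, which is the expected (and desirable) failure mode during testing.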
The overall process of integrating your campus SSO environment with Reclaim Hosting is as follows:
• Shibboleth – Exchange of the SAML metadata describing the SP and IdP; configure the SP and IdP environments; test functionality.
• CAS – Whitelist the environment URL on the CAS server; test functionality.
• LDAP – Institution provides a bind account for LDAP access (or approves anonymous access); configure the environment; test functionality.
While each SSO integration is unique, the institution should plan on a period of development and testing lasting between 1 and 4 weeks from the information-gathering stage through final testing and deployment.
The institution is responsible for configuring the IdP/CAS/LDAP server, adding all necessary metadata, and releasing the requested attributes to the service provider. Reclaim Hosting is responsible for configuring the virtual server environment that interfaces with the institution’s SSO environment.
The institution should provide the following for its chosen method:
Shibboleth:
• IdP entityID
• IdP Metadata
*Note: If utilizing InCommon, this is provided automatically to Reclaim Hosting
CAS:
• CAS Server URL and Port
LDAP:
• Domain Controller(s)
• Port (389 for LDAP with StartTLS, 636 for LDAPS)
• Base DN
• Account Suffix
• Bind Account (optional)
• Authorization Group (optional)
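The LDAP values above map onto a directory authentication flow as follows. This is an added example using PHP's ldap extension, not Reclaim Hosting's code; every hostname, DN, account and group name is a placeholder. It shows where each requested value is used, escapes the NetID before it reaches the search filter, refuses empty passwords (which Active Directory would treat as an unauthenticated bind), and applies the optional authorization group check.

```php
<?php
// Added example (not Reclaim Hosting's code): verifying a NetID and password
// against the institution's directory with the LDAP values requested above,
// using PHP's ldap extension. Every host, DN, account and group name below is
// a placeholder.

$config = [
    'domain_controllers' => ['dc1.example.edu', 'dc2.example.edu'], // libldap tries these in order
    'port'               => 636,            // 636 with LDAPS; 389 with StartTLS
    'use_ldaps'          => true,
    'base_dn'            => 'DC=example,DC=edu',
    'account_suffix'     => '@example.edu', // NetID + suffix = userPrincipalName
    'bind_dn'            => 'CN=svc-dooo,OU=Service Accounts,DC=example,DC=edu', // null => anonymous bind
    'bind_password'      => getenv('LDAP_BIND_PASSWORD') ?: '',
    'auth_group_dn'      => 'CN=DoOO-Users,OU=Groups,DC=example,DC=edu',        // null => no group check
];

// Returns the user's attributes on success, or null on any failure.
function authenticateNetId(array $cfg, string $netId, string $password): ?array
{
    // An empty password makes Active Directory treat the bind as unauthenticated
    // and report success, so reject it before it reaches the directory.
    if ($netId === '' || $password === '') {
        return null;
    }

    $scheme = $cfg['use_ldaps'] ? 'ldaps://' : 'ldap://';
    $uris   = [];
    foreach ($cfg['domain_controllers'] as $host) {
        $uris[] = $scheme . $host . ':' . $cfg['port'];
    }
    // ldap_connect accepts a space-separated list of URIs; the library fails over.
    $conn = ldap_connect(implode(' ', $uris));
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // AD referrals would otherwise stall searches

    // Never send a bind password over cleartext LDAP.
    if (!$cfg['use_ldaps'] && !@ldap_start_tls($conn)) {
        return null;
    }

    // Service bind with the dedicated bind account, or anonymous per policy.
    $bound = $cfg['bind_dn'] === null
        ? @ldap_bind($conn)
        : @ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_password']);
    if (!$bound) {
        return null;
    }

    // Escape user input before interpolating it into the filter (LDAP injection).
    $sam = ldap_escape($netId, '', LDAP_ESCAPE_FILTER);
    $upn = ldap_escape($netId . $cfg['account_suffix'], '', LDAP_ESCAPE_FILTER);
    $filter = "(&(objectClass=user)(|(sAMAccountName=$sam)(userPrincipalName=$upn)))";

    $result  = @ldap_search($conn, $cfg['base_dn'], $filter, ['mail', 'displayName', 'memberOf']);
    $entries = $result ? ldap_get_entries($conn, $result) : ['count' => 0];
    if ($entries['count'] !== 1) {
        return null; // unknown NetID, or an ambiguous match we refuse to guess at
    }
    $entry  = $entries[0];       // ldap_get_entries lowercases attribute names
    $userDn = $entry['dn'];

    // Prove the password by binding as the user; a wrong password or a locked
    // account both fail here.
    if (!@ldap_bind($conn, $userDn, $password)) {
        return null;
    }

    // Optional authorization: require direct membership of the configured group.
    if ($cfg['auth_group_dn'] !== null) {
        $groups = $entry['memberof'] ?? ['count' => 0];
        $member = false;
        for ($i = 0; $i < $groups['count']; $i++) {
            if (strcasecmp($groups[$i], $cfg['auth_group_dn']) === 0) {
                $member = true;
                break;
            }
        }
        if (!$member) {
            return null; // authenticated but not authorized for the service
        }
    }

    ldap_unbind($conn);
    return [
        'netid'       => $netId,
        'dn'          => $userDn,
        'mail'        => $entry['mail'][0] ?? null,
        'displayname' => $entry['displayname'][0] ?? null,
    ];
}

// Usage (placeholder values): $user = authenticateNetId($config, $_POST['netid'], $_POST['password']);
```

The group check above only honours direct membership via `memberOf`. If the institution's authorization group contains nested groups, the membership test has to move into the search filter using Active Directory's transitive matching rule, `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`, rather than comparing the returned `memberOf` values.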
A test account with limited privileges that can authenticate against the service provider application is optional but highly recommended; providing one to Reclaim Hosting lets the SSO integration be exercised during development and testing. If a test account cannot be provided, Reclaim Hosting will rely on the institution for all testing and error reporting.
The following attributes are necessary for proper function of the Domain of One’s Own environment:
Contact Reclaim Hosting support at [email protected] for any questions or concerns.