Normally, you’ll want to use the student portal’s single sign-on capability. This way, your visitors’ sessions are shared among all other web servers on campus that use the portal; a student can log into the portal and then visit your page without having to log in. This is how the single sign-on normally works.
If you want the login form to appear on your web page, you’ll need to use the www-only single sign-on. This provides a single sign-on for all pages on www.sandiego.edu, but visitors will need to log in again if they visit a page not on www.sandiego.edu.
The local SSO works the same as the portal SSO, except that it only applies to www.sandiego.edu.
Using the sso-www sign-on
Use “require_once('/web/includes/sso_www.phpi')” instead of “require_once('/web/includes/sso_portal.phpi')”.
If you want to display the form yourself, you must set loginNotRequired, and then where you want the form to display, use $sso->form();
<?IF ($sso->authorized):?> … <?ELSE:?> <?$sso->form();?> <?ENDIF;?>
When using the local SSO, there is another special group, ‘site’, which is a web site account. You’ll almost never need this. It is used by ITS to provide special information for web site authorized contacts and maintainers.
Differences between sso-portal and sso-www
The advantages of the sso-portal sign-on are:
- The single sign-on spans multiple servers without our having to tell browsers to send the security cookie to any server in the sandiego.edu domain. A visitor can sign on to one server, and they are then signed in to all servers that use My.SanDiego.Edu for their authentication.
- When using the portal, the visitor’s password is only sent to the authentication server; it never passes through the servers that rely on it for authentication.
The advantages of the sso-www sign-on are:
- It works with site accounts.
- It provides more security checking to see if a session has been hijacked.
- You can provide a custom login form on the web page to new visitors.
Unless you have a specific reason to use sso-www, you should use sso-portal, so that your visitors won’t need to sign in multiple times.