Drop Shadow

My.SanDiego.Edu vs. WWW-only

Normally, you’ll want to use the student portal’s single sign-on capability. This way, your visitors’ sessions are shared among all other web servers on campus that use the portal; a student can log into the portal and then visit your page without having to log in. This is how the single sign-on normally works.

If you want the login form to appear on your web page, you’ll need to use the www-only single sign-on. This provides a single sign-on for all pages on www.sandiego.edu, but visitors will need to log in again if they visit a page not on www.sandiego.edu.

The local SSO works the same as the portal SSO, except that it only applies to www.sandiego.edu.

Using the sso-www sign-on

Use “require_once('/web/includes/sso_www.phpi')” instead of “require_once('/web/includes/sso_portal.phpi')”.

Custom forms

If you want to display the form yourself, you must set loginNotRequired, and then where you want the form to display, use $sso->form();

<?IF ($sso->authorized):?> … <?ELSE:?> <?$sso->form();?> <?ENDIF;?>

Sites

When using the local SSO, there is another special group, ‘site’, which is a web site account. You’ll almost never need this. It is used by ITS to provide special information for web site authorized contacts and maintainers.

Differences between sso-portal and sso-www

The advantages of the sso-portal sign-on are:

  • The single sign-on spans multiple servers without our having to tell browsers to send the security cookie to any server in the sandiego.edu domain. A visitor can sign on to one server, and they are then signed in to all servers that use My.SanDiego.Edu for their authentication.
  • When using the portal, the visitor’s password is only sent to the authentication server; it never passes through the servers that rely on it for authentication.

The advantages of the sso-www sign-on are:

  • It works with site accounts.
  • It provides more security checking to see if a session has been hijacked.
  • You can provide a custom login form on the web page to new visitors.

Unless you have a specific reason to use sso-www, you should use sso-portal, so that your visitors won’t need to sign in multiple times.