Single Sign-on / SWITCHaai / Shibboleth
Expressions frequently used at ETH. What do they really mean?
Basically it’s all about one single authentication for multiple related, but independent software systems.
ETH Zurich academic web applications support single sign-on (SSO) whereby a single action of user authentication and authorization allows access to all systems without having to log in again at each of them.
More ITS applications with single sign-on (Shibboleth):
- People Search
- Room Request
- ETH Zurich employee-portal (from October 2012, Web Relaunch)
- ETH Zurich student-portal (from October 2012, Web Relaunch)
- and many more ETH Zurich applications with single sign-on (Shibboleth) capability
View posts “Single sign-on at ETH” http://blogs.ethz.ch/id/2011/10/18/single-sign-on-at-eth/ and “New expanded version of web application Room Request” http://blogs.ethz.ch/id/2011/12/21/new-expanded-version-of-web-application-room-request/.
Technical implementation is done with Shibboleth – an open source product used by SWITCHaai. The SWITCH foundation has been operating the Swiss universities research network since 1987 and currently also manages its AAI components (Authentication and Authorization Infrastructure).
SWITCHaai – the key that connects students and the university
SWITCHaai is the leading national authentication and authorisation infrastructure in the tertiary education sector. Previously students had to log on with a handful of user names and passwords if they wished to use services (courses, databases, e-journals, libraries etc.) provided by other universities. Today, thanks to SWITCHaai, a single login to the “Home-Organisation” (e.g. ETH Zurich) is all that is required to access participating universities.
The home-organization is in charge of login authentication and is also responsible for managing and updating user data which it provides to participating service providers.
Internet cafes / public computer labs/ shared workstations
Single sign-on implemented by the ITS uses authentication cookies to register successful authentication. Once the session has expired, a browser session lasts about 30 minutes, you must log in again. Depending on browser settings cookies may continue to exist even after you have closed the browser.
Always use the log-out link upon terminating your session. If you share your workplace with others be sure to delete your session cookies and close all browser windows after completing your work. This will prevent further access to your applications.
Instructions on how to delete cookies can be found at http://www.rektorat.ethz.ch/applications/sso/index_EN