Service Details (Service Catalog)

Please look over the information below to see if this service matches your needs. If it does, you may contact the Service Desk for assistance in putting in your service request. Please use the 9-digit Service Number (20.10.07.007) and the Service Unit name to refer to the service.

Service Name:

Electronic Federated Identity (EFI) Signon Service – 20.10.07.007

Price:

$50.00 Per Service Yearly

Brief Description:

Provides an Identity Provider used to authenticate users against the central username directory for each SP.

Detailed Description:

Electronic Federated Identity (EFI) Service uses UCF federated login services to authenticate UCF users to on-site and contractual partnered (cloud) services via the central username directory.

UCF uses Shibboleth software to host an Identity Provider (IdP) capable of authenticating users against the central directory using their NID and NID password. Once authenticated, the IdP sends the userID back to the application along with any unique computed value(s) or attribute(s) from the directory. Applications can use these attributes to identify the type of user authenticating to the system.

Once a user authenticates using EFI, they will be able to log into other Service Providers (SP) defined in the IdP without an additional login (timeout limited).

Included Functionality:

Allows for central signon authentication based on the central NID directory.

Technical Specifications:

The service uses assertions of SAML version 2, or higher, to pass NET domain NID authentication information to the application. The most compatible Service Provider can be implemented with the Shibboleth SP open source code. Information about the Shibboleth SP can be found at http://shibboleth.internet2.edu/documentation.html .

Service Components:

Connection to the Identity Provider (IdP) Interface for web applications.

Optional Components:

UCF is a member of the InCommon Federation. As an option, Service Provider (SP) metadata for an application set up to authenticate to the UCF IdP can be published to InCommon to be added to the federation metadata. This would allow the application to accept authentication from any IdP in the InCommon Federation.

Authorized Customers:

Departmental users authorized to manage a UCF web site.

Available Service Locations:

All

Audience:

Faculty; Staff; Students; Non-UCF (on / off campus)

Dependencies:

SAML2 compatible web application

Required Additional Services:

Service Unit:

CS&T Information Security Office

Service Owner:

Identity Management

Service Number:

20.10.07.007

Signed SLA Required:

1