Authentication Services

Web and other online applications may require authentication against WMU's centrally-maintained identity and password systems. Those who need only single sign-on authentication should use the CAS single sign-on system for that. Those who need access to directory data may need LDAP access. 

CAS

CAS, Central Authentication Service, is a method of single sign-on authentication used for many WMU applications. It reduces security risk by limiting the exposure of an individual's password to only one application. Web developers do not have to write their own authentication method, but simply integrate their application with WMU's CAS. When a Web application uses CAS, the user is redirected to the CAS authentication page and once the user has authenticated with their Bronco NetID and password successfully, CAS redirects them back to the application with a CAS ticket. This CAS ticket can then be used to access any other WMU Web application that uses CAS for authentication. Web application developers wishing to use CAS should send an email request to wapps-admin@wmich.edu

LDAP

LDAP, Lightweight Directory Access Protocol, is a directory service for authentication and directory look-ups. Various levels of access to LDAP can be established and are granted only by submitting a signed written request (below). Once a request has been received, it will be reviewed and if justified, the specific access requested will be granted. Questions regarding LDAP access should be directed to oit-security@wmich.edu. After all signatures have been obtained, the completed access request forms should be sent to OIT Security, Office of Information Security, Mail Stop 5206.

Shibboleth

Shibboleth is an open software system implementation based on a federated identity solution which shares a person's electronic identities and attributes among multiple applications. WMU uses Shibboleth identity attribute sharing through the InCommon Federation for software as a service(SaaS)/cloud applications.