NetBadge at UVA
Information for Developers and Server Administrators
NetBadge for Single-Signon, Shibboleth for Authorization Behind NetBadge
NetBadge is the UVA brand for our Web application single-signon (SSO) service. This section of the website presents information for developers who need to build or adapt applications to use NetBadge and Web server administrators who need to work in the NetBadge environment. The terms “Shibboleth” (or “Pubcookie”) and “NetBadge” will be used, respectively, to denote the underlying authentication technology and the UVA implementation of that technology.
In configuring an application to use NetBadge, the first step is to use a Web server that has the Shibboleth module installed. Apache (UNIX) and Microsoft IIS can both be configured to use Shibboleth. Once the Web server has been installed and configured, then the Web server itself handles the NetBadge authentication. The Web application does not need to do any authentication at all.
Moving from Pubcookie to Shibboleth
For years, the technology used to implement NetBadge has been the NSF-funded open-source product Pubcookie, developed principally at the University of Washington. However, this technology is no longer being enhanced, and is not available for the latest versions of Web server software for both Windows and Linux servers. This has required us to shift to a new technology to support the NetBadge SSO login service.
UVA is also a participant in the InCommon Federation, based on a different open-source technology Shibboleth, for authentication and authorization to access applications at UVA and also at other institutions. The UVA Shibboleth IdP (Identity Provider) uses the same NetBadge login service that Pubcookie clients use, so the client login process is the same. Shibboleth software for both Service Provider (SP) and IdP are actively being enhanced and supported.
As NetBadge client servers are upgraded to newer operating systems and Web server software versions, or as new clients are installed, these need to be implemented as Shibboleth SPs rather than using Pubcookie. One of the advantages of shifting to Shibboleth as our SSO technology is that the IdP can provide more than just the authenticated user ID to the Web application, giving the application additional attributes which may be used for authorization to access the application.
|Operating System||Web Server Version||Supported SSO Software|
|Windows 2003||IIS 6||Pubcookie|
|Windows 2008||IIS 7||Shibboleth|
|Windows 2012||IIS 8||Shibboleth|
Centos/Red Hat Enterprise 6
|Apache 2.2||Pubcookie or Shibboleth|
Centos/Red Hat Enterprise 7