Skip to main content Skip to navigation

Development Information

Single Sign-On (SSO) serves dozens of services in the University, providing a single point of logon without exposing passwords to other applications. It aggregates users from many sources, so staff, students, WBS users, WGA alumni, and new starters can all log in using the same interface. It also serves as the login point for many external Library e-resources, allowing you to access journals and databases using the same username and password.

The current version of SSO is based on Shibboleth. It is the most secure but requires your application to be Shibboleth-capable; if you have a Java application, we provide the SSO Client library to help you with this. It is still possible for "old-mode" SSO apps to work, and in some cases it is more appropriate.

I want my web application to use SSO. Where do I start?

It depends on what kind of application you have. Follow one of these guides but get in touch with us if you get stuck with something that isn't explained here.

  • Java/Servlets: we have a supported library that handles a lot of the hard work for you.
  • Other platforms: you will have to handle the process yourself. You can choose between old or new mode.
    • Old mode - simpler, but less secure and only works for apps with a hostname in the domain (e.g.
    • New mode - requires Shibboleth compatible software, but more secure and more flexible

What version of SSO am I using?

If you are using the Java SSOClient library, then the configuration XML should tell you if you are using "old" or "new" mode. If you have been issued SSL certificates from the ITS Web Team then chances are that you are using new mode. However, if you are just using userlookup.jar or are even parsing the content from manually, then you are most likely using SSOv2. You can also check the URL of the login page that your app uses - old mode will be /origin/slogin while new mode will be /origin/hs.