Skip to main content Skip to navigation

Registering a new service

SSO needs to know some information about each application before it will allow you to use it for signing in. As SSOv3 requires a secure connection, you will also need an SSL certificate so you can specify here if you need one.

Requirements
If you require a new SSL certficate, please follow these instructions for creating a Certificate Signing Request and contact the ITS help desk.
 

*SSOv3 specific information* - you may not know these values yet - in this case leave them blank and we will help you work them out based on how your application is configured
Privacy notice
This data on this form will be used to send you the information you have requested. We will store the fact that you have requested the information and your contact details to receive the information, but we will not send you any information beyond that which you have requested, nor will we use the data for any other purpose.

The University of Warwick is the Data Controller of any information you have entered on this form and is committed to protecting the rights of individuals in line with Data Protection Legislation. The University's Data Protection webpages provide further information on your rights and how the University processes personal data. Please submit any data subject rights requests to infocompliance@warwick.ac.uk or address any complaints or suspected breaches to the University's Data Protection Officer at DPO@warwick.ac.uk.

Spam prevention

Using a shared IP address

Up until recently we couldn't allow applications running on a shared machine with the same IP, because we couldn't allow access to the application without also giving other users of the server access to Websignon's API. Now it is possible using an API key. If your application is on a shared machine, let us know and we will give you an API key which is simply a string of characters. All your application then has to do is make sure it sends an extra parameter to websignon whenever it accesses https://websignon.warwick.ac.uk/origin/sentry: wsos_api_key=YOUR-API-KEY-HERE

If you're on a shared server but have your own dedicated IP address, then an API key isn't necessary. Similarly, if you have multiple apps on the same IP address this also isn't a problem - it's only when it's shared with unknown other people.

It's important that you keep this key secret, especially where it is stored in your application. The file it's stored in should have the appropriate permissions set on it so that it is not readable by any other users.

If you are using the SSO Client library for Java, you can put the value in the system property userlookup.ssos.apiKey and it will add the parameter for you. However, it's more likely that an app on a shared server such as crocus won't be able to run Java servlets, so you will probably be adding the parameter yourself.