Single Sign On (SSO)

In an effort to decrease the number of passwords required to access computing applications across the University, DoIT has incrementally implemented its Web-based, NetID Single Sign On (SSO) service since 2008. Users can log in to campus applications such as Google Apps for Education and WolfMart without having to sign on multiple times or remember many passwords. The SSO service is only used for those applications accessed through a Web browser. Client-based applications, such as the mail client on a smart phone, do not use the Stony Brook SSO.

 

 

What is SSO?

The technology behind Stony Brook’s SSO is called Shibboleth.

It’s an open source, standards-based SSO solution that implements the Security Assertion Markup Language (SAML), an open-standard data format for exchanging authentication and authorization data between parties.

Stony Brook's Single Sign On Services

As a member of the InCommon Federation – a group of organizations focused on creating a common framework for collaborative trust in support of research and education – Stony Brook may participate in Single Sign On (SSO) with other colleges and universities and their partners.

As the InCommon Federation is also part of eduGAIN, which is an international interfederation service, Stony Brook may participate in SSO with member institutions all over the world. This means there are thousands of possible services around the world that could be accessed today using our SSO services.

The SSO service is now protected by Duo 2-Factor Authentication.

  • Alma
  • Qualtrics
  • Campus Labs
  • Digication ePortfolios
  • Echo 360
  • EDUCAUSE
  • Google Apps for Education
  • ILLiad
  • WolfMart
  • Microsoft E-Academy
  • National Institute of Health (NIH)
  • Navigate
  • Online Course Evaluations

  • SB Engage (CORQ)

  • SB Guardian

  • SEARCH discovery system

  • Taleo (TMS)

  • University Libraries e-journals

  • Voice Thread

  • ZebraNet (Career Center)

  • Zoom

 

Important SSO Information

When a person signs out of an application that they used SSO to sign into, it is best to close the Web browser. The reason this is important is because there are no guarantees in an SSO environment that you are properly logged out of your applications, so closing the Web browser when finished is the best way to be sure that you've actually logged out. If you do not close the Web browser, there is always a chance that you will still have an active session to one of the applications you had signed into.

If you are not sure what your NetID or NetID password is, log into the SOLAR System and select NetID Maintenance for more information. Please remember to change your NetID password on a regular basis to protect your access.

Frequently Asked Questions

What web browsers are not supported by Single Sign-On (SSO)?

The following web browsers have been tested and are known to be unable to access the Single Sign-On portal:

 

Operating System Browser Version
Mac OS X Snow Leopard (v10.6) Safari Any
Mac OS X Lion (10.7) Safari Any
Windows XP Internet Explorer 8
Any Firefox 3.6 or earlier
iOS 3 Any Any
iOS 4 Any Any
Android Browser 1.6 or earlier

Mac OS X Snow Leopard (10.6) and Lion (10.7) users should install and use an up-to-date version of Google Chrome or Mozilla Firefox. Other users should update your device to a supported operating system/browser if possible, or use another device with a supported operating system/browser.

What are the new CAS endpoint URLs?

This knowledge base article is in reference to the Single Sign-On upgrade on December 21, 2016.

Please note that while we will be rewriting URLs as appropriate, this may result in odd behavior for some CAS clients. Please be sure your web site’s CAS client is configured to use the new URLs as of 12/21/16.

Base URL

  • https://sso.cc.stonybrook.edu/cas is now https://sso.cc.stonybrook.edu/idp/profile/cas

Logout URL (note that ‘cas’ is not in the URL)

  • https://sso.cc.stonybrook.edu/cas/logout is now https://sso.cc.stonybrook.edu/idp/profile/Logout

Login URL

  • https://sso.cc.stonybrook.edu/cas/login is now https://sso.cc.stonybrook.edu/idp/profile/cas/login

Service Validation URL

  • https://sso.cc.stonybrook.edu/cas/serviceValidate is now https://sso.cc.stonybrook.edu/idp/profile/cas/serviceValidate

Please Contact


Customer Engagement and Support