Single Sign On (SSO)
In an effort to decrease the number of passwords required to access computing applications across the University, DoIT has incrementally implemented its Web-based, NetID Single Sign On (SSO) service since 2008. Users can log in to campus applications such as Google Apps for Education and WolfMart without having to sign on multiple times or remember many passwords. The SSO service is only used for those applications accessed through a Web browser. Client-based applications, such as the mail client on a smart phone, do not use the Stony Brook SSO.
What is SSO?
The technology behind Stony Brook’s SSO is called Shibboleth.
It’s an open source, standards-based SSO solution that implements the Security Assertion Markup Language (SAML), an open-standard data format for exchanging authentication and authorization data between parties.
Stony Brook's Single Sign On Services
As a member of the InCommon Federation – a group of organizations focused on creating a common framework for collaborative trust in support of research and education – Stony Brook may participate in Single Sign On (SSO) with other colleges and universities and their partners.
As the InCommon Federation is also part of eduGAIN, which is an international interfederation service, Stony Brook may participate in SSO with member institutions all over the world. This means there are thousands of possible services around the world that could be accessed today using our SSO services.
- Campus Labs
- Digication ePortfolios
- Google Apps for Education
- Microsoft E-Academy
- National Institute of Health (NIH)
Online Course Evaluations
Stony Brook Health Sciences Library eJournals
ZebraNet (Career Center)
Important SSO Information
When a person signs out of an application that they used SSO to sign into, it is best to close the Web browser. The reason this is important is because there are no guarantees in an SSO environment that you are properly logged out of your applications, so closing the Web browser when finished is the best way to be sure that you've actually logged out. If you do not close the Web browser, there is always a chance that you will still have an active session to one of the applications you had signed into.
If you are not sure what your NetID or NetID password is, log into the SOLAR System and select NetID Maintenance for more information. Please remember to change your NetID password on a regular basis to protect your access.
Frequently Asked Questions
The following web browsers have been tested and are known to be unable to access the Single Sign-On portal:
|Mac OS X Snow Leopard (v10.6)||Safari||Any|
|Mac OS X Lion (10.7)||Safari||Any|
|Windows XP||Internet Explorer||8|
|Any||Firefox||3.6 or earlier|
|Android||Browser||1.6 or earlier|
Mac OS X Snow Leopard (10.6) and Lion (10.7) users should install and use an up-to-date version of Google Chrome or Mozilla Firefox. Other users should update your device to a supported operating system/browser if possible, or use another device with a supported operating system/browser.
This knowledge base article is in reference to the Single Sign-On upgrade on December 21, 2016.
Please note that while we will be rewriting URLs as appropriate, this may result in odd behavior for some CAS clients. Please be sure your web site’s CAS client is configured to use the new URLs as of 12/21/16.
- https://sso.cc.stonybrook.edu/cas is now https://sso.cc.stonybrook.edu/idp/profile/cas
Logout URL (note that ‘cas’ is not in the URL)
- https://sso.cc.stonybrook.edu/cas/logout is now https://sso.cc.stonybrook.edu/idp/profile/Logout
- https://sso.cc.stonybrook.edu/cas/login is now https://sso.cc.stonybrook.edu/idp/profile/cas/login
Service Validation URL
- https://sso.cc.stonybrook.edu/cas/serviceValidate is now https://sso.cc.stonybrook.edu/idp/profile/cas/serviceValidate