Connect to the Purdue Home Page

Purdue University

Identity and Access Management

Web Page / Application Authentication

Our authentication and authorization services are designed to meet different goals. So how do you know which one it right for your project? The information below is intended to help you determine which one is right for your application or service.

Note: After reviewing the information below, if you are unsure on which option is right for your application or service, please contact your application or web administration group to see which one is recommended and supported in your environment. You can also contact the Identity and Access Management Office (IAMO) if you need additional assistance.

On Campus

CAS is our recommended authentication and authorization service for all web-based applications. It provides a Single Sign-On (SSO) experience for Purdue users. Many web servers on campus already use CAS for authentication. This solution provides a common login experience for all Purdue users for authentication and does not require a programmer to create a new authentication mechanism and login page that must be maintained.

To learn more about Purdue's Centralized Authentication Service (CAS) - including a link to the required Service Level Agreement (SLA) needed to add your server to use CAS, please click Centralized Authentication Service (CAS).

Note: If your application cannot support Centralized Authentication Service (CAS) or CAS does not provide the information you need when validating a user, there are two other options available at this time. Those are Infrastructure for Identification, Authentication and Authorization (I2A2) and ApacheDS LDAP. These two options are only available for websites that reside on the Purdue network.

To read more about Purdue's implementation by reading Infrastructure for Identification, Authentication and Authorization (I2A2).

Learn more about Purdue's implementation of ApacheDS LDAP at this link.

To request access to either Purdue's I2A2 or ApacheDS implementation, you will first need to fill out a Service Level Agreement (SLA) between your group and the IAMO. Please fill out section VII Client Definitions: section A, VIII Signatures: section A and IX Appendix A: sections A, B, C D and E. In section C, make sure you check either I2A2 or ApacheDS, depending on which one you wish access. Once you have this filled out, forward the hard copy to: IAMO Director / ITAP / ROSS. Please allow 3-5 business days for processing.

Off Campus

If your application runs on servers hosted at a vendor site, our recommended service is the InCommon Federation Authentication Service.

Purdue University is a member of the InCommon Federation. As part of this membership, the Identity and Access Management Office (IAMO) offers a web single sign on service using Shibboleth open source software. The Purdue Shibboleth is a two part process: first you authenticate through Purdue's CAS system with your career account and password, then the institution you are attempting to connect determines if it will authorize your access based upon the attributes released by Purdue.

To learn more about Shibboleth, visit

To learn more about Purdue's Shibboleth offering, including the form needed to request access, please visit the Purdue Shibboleth Information page.

If you have any questions, please contact

Feedback | Contact Purdue | Style Standards
Maintained by: IAMO Team

Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University | An equal access/equal opportunity university | Copyright Complaints
If you have trouble accessing this page because of a disability, please contact the CSC at or (765) 494-4000.