Web Page / Application Authentication
Our authentication and authorization services are designed to meet different goals. So how do you know which one it right for
your project? The information below is intended to help you determine which one is right for your application or service.
Note: After reviewing the information below, if you are unsure on which option is right for your application or service, please contact your application or web administration group to see which one is recommended and supported in your environment. You can also contact the Identity and Access Management Office (IAMO) if you need additional assistance.
On CampusCAS is our recommended authentication and authorization service for all web-based applications. It provides a Single Sign-On (SSO) experience for Purdue users. Many web servers on campus already use CAS for authentication. This solution provides a common login experience for all Purdue users for authentication and does not require a programmer to create a new authentication mechanism and login page that must be maintained.
To learn more about Purdue's Centralized Authentication Service (CAS) - including a link to the required Service Level Agreement (SLA) needed to add your server to use CAS, please click Centralized Authentication Service (CAS).
Note: If your application cannot support Centralized Authentication Service (CAS) or CAS does not provide the information you need when validating a user, there are two other options available at this time. Those are Infrastructure for Identification, Authentication and Authorization (I2A2) and ApacheDS LDAP. These two options are only available for websites that reside on the Purdue network.
To read more about Purdue's implementation by reading Infrastructure for Identification, Authentication and
Learn more about Purdue's implementation of ApacheDS LDAP at this link.
To request access to either Purdue's I2A2 or ApacheDS implementation, you will first need to fill out a Service Level Agreement (SLA) between your group and the IAMO. Please fill out section VII Client Definitions: section A, VIII Signatures: section A and IX Appendix A: sections A, B, C D and E. In section C, make sure you check either I2A2 or ApacheDS, depending on which one you wish access. Once you have this filled out, forward the hard copy to: IAMO Director / ITAP / ROSS. Please allow 3-5 business days for processing.
Off CampusIf your application runs on servers hosted at a vendor site, our recommended service is the InCommon Federation Authentication Service.
Purdue University is a member of the InCommon Federation. As part
of this membership, the Identity and Access Management Office (IAMO) offers a web single sign on service using Shibboleth open
source software. The Purdue Shibboleth is a two part process: first you authenticate through Purdue's CAS system with your career
account and password, then the institution you are attempting to connect determines if it will authorize your access based
upon the attributes released by Purdue.
To learn more about Shibboleth, visit Shibboleth.net
To learn more about Purdue's Shibboleth offering, including the form needed to request access, please visit the Purdue Shibboleth Information page.
If you have any questions, please contact firstname.lastname@example.org.