Single sign on at the University

The University of Exeter Single sign on service integrates with web servers and web applications to provide a central point for:

  • authentication - traditionally entry of username and password
  • authorisation - allowing or denying access to the resource based on University policy

This enables you to avoid repeating your username and password for access to secure web pages and applications for which you are authorised.

The Single sign on logon dialogue box

The Single Sign On system establishes an "SSO session" the first time you try to access a protected resource.
The session lasts a maximum of 4 hours in normal circumstances but is terminated after 2 hours of idle time.

The session can be established automatically if you are already logged in to the internal Windows AD network via your regular desktop login, provided your browser is either Firefox or Internet Explorer (version 7 or above) and has been configured with the recommended settings.

Otherwise the session is established by entering your username and password into the secure logon dialogue which appears automatically whenever required.

Whilst your session remains active you will not need to login again and any access to protected resources may be allowed or denied on the basis of any policies which the SSO system is enforcing.



Single sign on - some questions - and answers

What is Single sign on?

Single sign on (SSO) is a service which allows users to provide their username and password once to a trusted service and to have their identity securely, consistently and seamlessly provided to many web applications. It lets you use certain web applications without having to log in more than once per session.

Who can login to the University's SSO service?

All members of the university with an IT account can use SSO to authenticate. This does not mean you will have access to every application that uses SSO: some of these applications will have additional controls that only allow access for certain individuals.

How do I login?

In general you will be prompted to login to SSO on demand when you attempt to access an SSO protected resource.

It is, however, possible to log directly into SSO by visiting https://gosling.exeter.ac.uk/distAuth/UI/Login?realm=/people

You should use your normal University of Exeter username and password, the same one you use to read your University email account.

Successful login will set a session cookie and allow you to view any protected resource to which you have authorised access without the need to login again.

How do I logout?

You can logout of SSO entirely by visiting https://gosling.exeter.ac.uk/distAuth/UI/Logout

Most browsers are normally configured to remove session cookies on exit, but if you find this is not the case then you must remove the cookies manually or use the logout URL. See your browser documentation for removal of session cookies.

It is very important that you log out of SSO when you have finished using the computer, particularly if the computer is in a public place.

What are the advantages of SSO?

The SSO service provides several benefits:

  • The same username and password allows you access to many services
  • You only have to provide your password to one trusted application at a well known URL
  • You only have to type your username and password once per session
  • You can be confident that your username and password are treated securely

Why should I check the SSO web address in my browser bar before typing my password?

Before entering your username and password into the University's SSO login form you should check that the web address of the page being displayed begins with https://....exeter.ac.uk/... The reason for checking this is to make it more difficult for a malicious person to fool you into supplying your username and password by setting up a page that looks like the university's SSO login page. By routinely checking the address of the login page you help to reduce that risk. This is especially important when logging in to services that you have not used before.

What is the trusted login URL?

https://gosling.exeter.ac.uk/ or https://sso.exeter.ac.uk/ are the URLs you should trust for logging in to SSO. The URL may also contain other significant path and parameter details which are added dynamically. If you have been redirected to the SSO service whilst trying to access some other web site you'll often find "?service=" or "?goto=" and the web address of the application tagged on the end of the login URL - this is okay too as it allows the SSO service to send you back to where you wanted to be, once it's successfully worked out who you are.
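The address-bar check described in the two answers above can be written as code. This is an added example, not part of the University's service; the function name `checkLoginUrl`, the `/login` path and the `app.example` and `login.example` hosts are constructed for illustration.

```javascript
// Added example: hosts taken from the page's "trusted login URL" answer.
const TRUSTED_LOGIN_HOSTS = new Set(["gosling.exeter.ac.uk", "sso.exeter.ac.uk"]);

// Classify the address shown in the browser bar.
// Returns { trusted: boolean, reason: string, returnTo: string|null }.
function checkLoginUrl(address) {
  let url;
  try {
    url = new URL(address);
  } catch (e) {
    return { trusted: false, reason: "not a valid URL", returnTo: null };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not https", returnTo: null };
  }
  // "https://sso.exeter.ac.uk@host/" puts the trusted name in the userinfo
  // part; the browser actually connects to whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "userinfo before host", returnTo: null };
  }
  // Exact match on the parsed host. A prefix or substring test would accept
  // "sso.exeter.ac.uk.login.example". url.hostname is already lower-cased
  // and excludes the port.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { trusted: false, reason: "host is " + url.hostname, returnTo: null };
  }
  // "?service=" / "?goto=" carry the application to return to after login.
  const returnTo = url.searchParams.get("goto") ?? url.searchParams.get("service");
  return { trusted: true, reason: "trusted SSO host over https", returnTo };
}

// Constructed sample addresses (not taken from real traffic).
const samples = [
  "https://gosling.exeter.ac.uk/distAuth/UI/Login?realm=/people",
  "https://sso.exeter.ac.uk/login?service=https%3A%2F%2Fapp.example%2F",
  "http://sso.exeter.ac.uk/login",
  "https://sso.exeter.ac.uk.login.example/distAuth/UI/Login",
  "https://sso.exeter.ac.uk@login.example/",
  "https://SSO.EXETER.AC.UK:443/login?goto=https%3A%2F%2Fapp.example%2F",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(r.trusted ? "OK  " : "FAIL", s, "-", r.reason);
}
```

The comparison is made on the parsed host name rather than on the start of the string, which is why the third, fourth and fifth samples fail even though they contain a trusted name.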

Why should I trust this login URL?

The "s" in "https" means that it is a secure site, offering both encryption of information as it traverses the network and authentication of the server. You can be sure that username and password information typed into this web form is only used by the university's SSO Service for authenticating you for access to "approved" web applications. The username and password you provide are not recorded and are not exposed to third-parties. Applications making use of SSO will be informed of your university username but they will never see your password.