ITS and UVa logos for printed output

NetBadge for Web Developers (Shibboleth)

Implement NetBadge for an Application

NetBadge for Single-Signon, Shibboleth for Authorization Behind NetBadge

NetBadge is the UVA brand for our Web application single-signon (SSO) service. This section of the website presents information for developers who need to build or adapt applications to use NetBadge and Web server administrators who need to work in the NetBadge environment. The terms “Shibboleth” (or “Pubcookie”) and “NetBadge” will be used, respectively, to denote the underlying authentication technology and the UVA implementation of that technology.

In configuring an application to use NetBadge, the first step is to use a Web server that has the Shibboleth module installed. Apache (UNIX) and Microsoft IIS can both be configured to use Shibboleth. Once the Web server has been installed and configured, then the Web server itself handles the NetBadge authentication. The Web application does not need to do any authentication at all.

Moving from Pubcookie to Shibboleth

For years, the technology used to implement NetBadge has been the NSF-funded open-source product Pubcookie, developed principally at the University of Washington. However, this technology is no longer being enhanced, and is not available for the latest versions of Web server software for both Windows and Linux servers. This has required us to shift to a new technology to support the NetBadge SSO login service.

UVA is also a participant in the InCommon Federation, based on a different open-source technology Shibboleth, for authentication and authorization to access applications at UVA and also at other institutions. The UVA Shibboleth IdP (Identity Provider) uses the same NetBadge login service that Pubcookie clients use, so the client login process is the same. Shibboleth software for both Service Provider (SP) and IdP are actively being enhanced and supported.

As NetBadge client servers are upgraded to newer operating systems and Web server software versions, or as new clients are installed, these need to be implemented as Shibboleth SPs rather than using Pubcookie. One of the advantages of shifting to Shibboleth as our SSO technology is that the IdP can provide more than just the authenticated user ID to the Web application, giving the application additional attributes which may be used for authorization to access the application.

Operating System Web Server Version Supported SSO Software
Windows 2003 IIS 6 Pubcookie
Windows 2008 IIS 7 Shibboleth
Windows 2012 IIS 8 Shibboleth
Centos/Red Hat Enterprise 6
Ubuntu 12
Apache 2.2 Pubcookie or Shibboleth
Centos/Red Hat Enterprise 7
Ubuntu 14
Apache 2.4 Shibboleth

  Page Updated: Monday 2018-06-25 11:56:04 EDT