NetBadge at UVA
The NetBadge Single-Signon (SSO) service has components on multiple servers, and the responsibility for installing and maintaining the software on these servers is distributed among a wide variety of groups within the University.
ITS manages the NetBadge login service and Shibboleth Identity Provider (IdP). This includes configuration of the Pubcookie keys for legacy servers which can continue to use that technology, configuration of all metadata in the IdP that defines each supported Service Provider (SP), and implementation of customized attribute release filters for SPs which require attributes not included in default release filters. ITS also provides some documentation on basic SP configuration.
The Information Security has the responsibility for reviewing release requests for any attributes not included in the default release filters. The SP owner must provide a statement of required attributes and agree to use the released attribute values only for the purpose of authorizing access to the SP's Web application(s) and not to cache or otherwise store the attributes on the application server.
The Web server administrator is responsible for installation and configuration of the Shibboleth SP software or Pubcookie software, and for integration of Shibboleth or Pubcookie with the Web application(s) configured on the server. Before an SP may direct users to the IdP for authentication, the IdP must have imported the SP metadata, so the server administrator must coordinate the configuration of a new SP with ITS engineers by making a service request through the Service Portal. Additional consultation assistance in configuring the SP software is available from ITS, which may be charged at the normal ITS consultation rate.