Choosing a Single Sign-On Solution at STScI
Abstract
The Space Telescope Science Institute (STScI) has over 100 online tools and services most of which require their own username and password for authentication. These services span from Human Resources tools for time-keeping to science collaborative wikis like Confluence and the Archive Search Services which give access to proprietary data. These disparate and independent systems have led to problems for end-users who must track multiple electronic identities for all these services. In order to consolidate these logins, improve security at STScI and to better the user experience, we have embarked on a search for a Single Sign-On (SSO) solution which would encompass a large number of requirements from engineering, science and IT divisions. In this paper we discuss several SSO options which we found to be popular with astronomical centers. We give full details on the reasoning behind choosing Shibboleth and Central Authentication Service (CAS) as our SSO solution at STScI. We outline hurdles, lessons learned and implementation solutions which we have taken in order to migrate STScI web services to using SSO. We discuss the benefits of SSO and our future plans.
- Publication:
-
Astronomical Data Analysis Software and Systems XXIII
- Pub Date:
- May 2014
- Bibcode:
- 2014ASPC..485..289A