Authentication and authorization services are designed to allow web applications to rely on centrally managed macid access for authentication and authorization purposes. The sections below provide information on what is available and how to integrate your application to these services.
McAuth is an in-house developed system originally conceived to provide simple authentication and authorization via either PHP or Java. McAuth is still in use by a number of applications on campus but it is soon to be phased out. As such, support for this method will end in the near future and no new integrations are encouraged nor allowed from here on wards. For more information on how McAuth works see here. Applications or websites that use McAuth for authentication/authorization should start making preparations to move to the SAML/Shibboleth based service. Please read through this FAQ for information on migrating from McAuth to SAML/Shibboleth.
This type of integration is available via the Internet2 consortium project, which enables universities to share resources and research across educational institutions. Once deployed and integrated, the SAML/Shibboleth software enables single sign-on authentication and authorization to allow students, faculty, and staff to access resources internally and at partner institutions without needing to create separate, local IDs and passwords for each one. Service providers (also known as “SP” or application/websites that require authentication) can continue to allow access to users with locally authenticated macid credentials and also trust users with credentials from federated authentication services. For more information on how SAML/Shibboleth works at McMaster University see here.
If your application cannot support SAML/Shibboleth but is hosted on a McMaster network and depending on the exact nature of the resource (i.e. a network appliance or a proprietary product), it would be possible to integrate to the macid system via LDAP. For more information about this, please contact the IT security team at “email@example.com”