Over the last couple of years, McMaster has been using the SAML/Shibboleth standard as the preferred method for web authentication over the homegrown McAuth authentication solution, because support for McAuth will end in the near future. Applications or websites that use McAuth for authentication should begin preparations to move to the SAML/Shibboleth method.
For McMaster servers and applications using McAuth to authenticate users, this will involve a McAuth to SAML/Shibboleth migration.
If you manage such resources, you will be able to find links to technical documentation on this FAQ page.
Which websites and applications need to move to SAML/Shibboleth?
University Technology Services (UTS) will start contacting application owners in January 2020. If you administer a site that uses McAuth, you do not need to take any steps until UTS contacts you for planning.
How can I tell whether my website or application uses McAuth?
Open a private browser window, then open your website or application in that window. Click on the link that allows for MacID login. Your site uses McAuth if the URL “https://cap.mcmaster.ca/mcauth/” appears in the browser’s address bar during authentication.
How do I change the authentication on my website or application from McAuth to SAML/Shibboleth?
All the authentication pages have to be disconnected from McAuth, and then the McAuth integration components (scripts) have to be removed. For information and instructions on how to move to SAML, see the SAML/Shibboleth resource here.
What happens if I am unable to migrate my website or application to SAML/Shibboleth?
Unless you request a deadline extension, your website or application must be migrated within a reasonable amount of time (per previous planning). This applies primarily to applications using the old/legacy McAuth integrations. For instructions on how to request an extension, see “What should I do if I can’t move my website or application to SAML/Shibboleth?” below.
How can I get help with the migration to SAML/Shibboleth?
Review the McAuth to Shibboleth migration instructions, join the McAuth migration mailing list, or submit a Help request to get help from the IT-Security team.
What are the action items for McAuth migration?
- Notify the IT-Security team of your intention to proceed with a migration of your application
- Take inventory of your application(s) currently using McAuth
- Obtain the following information for each application: application name, URL, business/application owner, technical contact
- Provide a list of the attributes (data fields) used by the application
- Join the mailing list c-McAuth-2-SAML@mcmaster.ca
What should I do if I can’t move my website or application to SAML/Shibboleth?
First, decide whether your website or application needs authentication. If it does not need authentication, then remove McAuth.
If your website or application does need authentication but you can’t migrate to SAML/Shibboleth due to unforeseen reasons, deadline extensions are available on a case-by-case basis. During the extension period you will be required to look for alternatives in your application that allow for compatibility with SAML/Shibboleth. Submit a Help request to discuss an extension with the IT-Security team. In the request, include the following information:
- Application owner contact information
- Local technical support contact information
- URL of your website or application
- Extension date that you want