On Wednesday, February 15, 2012 at 5 a.m., OIT will upgrade the University of Minnesota sign in page and its authentication platform. As a result of this upgrade, the following significant changes will be noticed:


picture of old sign in page

A picture of the old sign in page displayed on a desktop computer (click to enlarge)


a picture of the new sign in page displayed on a desktop computer

A picture of the new sign in page displayed on a desktop computer (click to enlarge)

picture of the new sign in page displayed on a handheld device

A picture of the new sign in page displayed on a handheld device (click to enlarge)


New Sign In Page
The newly designed sign in page offers significant improvements. It has been updated to meet University branding standards, to accommodate screen readers, and to display on mobile devices. For a visual demonstration of the changes, compare the following:

New Authentication Platform
To provide authentication for its applications and services, the University currently uses both Shibboleth (an open source SAML implementation) and Central Authentication Hub (CAH). As has been previously communicated, OIT plans to sunset CAH and migrate all applications to Shibboleth. Based on feedback, the original date of December 31, 2011 has been changed to June 15, 2012.

On February 15, OIT will upgrade its current Shibboleth implementation to a new platform. The upgrade will include software and hardware updates. As a result, the following will occur:

  • All existing Shibboleth applications will be migrated to the new platform, which will go through the new sign in page. All applications that still use CAH for authentication will continue to use the old sign in page.

  • There will be no single sign on (SSO) between Shibboleth and CAH applications. This means if a user is signed into an application based on Shibboleth and accesses an application based on CAH, they will need to re-authenticate. As applications are moved off of CAH, users will no longer observe this behavior.

  • There will be no single sign out between CAH and Shibboleth applications; users must sign out of both sets of applications separately.

  • There will be no single sign out among Shibboleth applications. This means that users must sign out of each application separately. (For maximum security, the browser should always be closed after signing out.)

Summary

  • February 15: New Shibboleth environment and new sign in pages

  • February 15 - June 15: two different sign in pages in use, no SSO between CAH and Shibboleth applications

  • June 15: CAH decommissioned

For more information, visit the U of M Shibboleth Wiki.