Over time, Stanford is switching from its homegrown WebAuth to the SAML 2.0 standard for web authentication. For Stanford servers and applications using WebAuth to authenticate users, this will involve a WebAuth to Shibboleth migration. If you manage such resources, you will be able to find project plans and links to technical documentation on this page.
Action items
- Take inventory of your current WebAuth application(s).
The following information will be required for the migration:- Application name, URL, business owner, application owner, technical lead, group email
- List of attributes used by the application, or current keytab principle
- Join the mailing list webauth-migration@lists.stanford.edu.
Migration instructions
- WebAuth to SAML/Shibboleth Service Provider (SP) Migration (Sunet ID and password required)
Identity & Access Management (IAM) Project Roadmap & Timeline
| Milestone (All Running in Cloud) | Completion |
|---|---|
| Stop issuing new WebAuth-enabled sites (application keytabs) | March 31, 2017 |
| KDC & IdP UAT in Cloud (replica) | May 31, 2017 |
| 50% of UIT Applications on SAML | May 31, 2017 |
| LDAP UAT in Cloud (replica) | November 30, 2017 |
| SAML Single Sign-on (SSO) no longer depends on legacy infrastructure Note: No impact to current WebAuth-enabled applications. |
March 30, 2018 |
| Support for Stanford WebAuth Ends | August 31, 2018 |
