
WebAuth Announcement

Over time, Stanford is switching from its homegrown WebAuth to the SAML 2.0 standard for web authentication. For Stanford servers and applications using WebAuth to authenticate users, this will involve a WebAuth to Shibboleth migration. If you manage such resources, you will be able to find project plans and links to technical documentation on this page.

Action items

  • Take inventory of your current WebAuth application(s).
    The following information will be required for the migration:
    1. Application name, URL, business owner, application owner, technical lead, group email
    2. List of attributes used by the application, or current keytab principal
  • Join the mailing list webauth-migration@lists.stanford.edu.

Migration instructions

Identity & Access Management (IAM) Project Roadmap & Timeline

| Milestone (All Running in Cloud) | Completion |
|---|---|
| IdP UAT on Cloud | Late Fall, 2016 |
| LDAP Replication in the Cloud - UAT; initial-step architecture (Note: in UAT with production data) | Late Fall, 2016 |
| KDC Replication in the Cloud – UAT (Note: in UAT with production data) | Mid Winter, 2017 |
| LSDB Replication in the Cloud - UAT | Mid Winter, 2017 |
| Stop issuing new WebAuth-enabled sites (application keytabs) | March 31, 2017 |
| Replicate WebLogin in Cloud UAT | Late Winter, 2017 |
| Duo-Shibboleth Testing | Late Winter, 2017 |
| Cut over the complete AuthN and directory infrastructure in the Cloud – PROD. With this milestone, authentication is geo-diversified. | Mid Spring, 2017 |
| 50% of UIT Applications on SAML | Late Spring, 2017 |
| Containerization of IAM’s complete AuthN and directory infrastructure. Consistency in deployment of architecture and provisioning is achieved. | Late Summer, 2017 |
| Switch WebLogin and Shibboleth (all apps flip to WebLogin). SAML single sign-on is no longer dependent on legacy infrastructure. | Late Summer, 2017 |
| Automation of IAM | Late Fall, 2017 |
| Stanford WebAuth Ends | Mid Summer, 2018 |

Last modified March 7, 2017