M-F 8:30am – 5:00pm
Service Desk Hours:
M-F 8:00am – 6:00pm
iCARE Center Hours:
M-F 9:00am - 5:00pm
1244 Blossom St.
(803) 777-1800
servicedesk@sc.edu
 |
||||||
|
|
||||||
USC AAI provides authentication and authorization services for access to
university resources and also to selected external resources.
Accessing a restricted resource is a two step process. By some means
you state - This is who I am, now what can I access? The resource must verify
who you are (authentication) and if successful grant you the privileges that have been assigned to you
for the resource (authorization).
For most on-line university resources, you will
indicate who you are by presenting your USC Network Username and password.
Authentication
Authentication is the process that is used to prove that you are who you say you are. It is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true (Wikipedia). In the simplest case, it is the process of confirming who you say you are by using something that only you know.
An example of on-line authentication might be to provide your USC Network Username and password to access an application; but could include the use of certificates, location, biometrics or any combination of these.
An example of off-line authentication might be to provide your driver's license when using your credit card to make a purchase.
Authorization
Authorization occurs after Authentication. Authorization is the function of specifying access rights to resources. It gives you permission to do or have something.
Click here for information about the Network Username.
Enterprise Authentication
Enterprise authentication applies to applications that authenticate to the central enterprise authentication system currently represented by the USC Active Directory service. This service contains all USC Network Usernames across all system campuses.
Implementing Application Authentication
Applications may use either Shibboleth Authentication or LDAP Authentication. Shibboleth Authentication is recommended. In both cases the authentication itself is the same. Shibboleth authentication may be considered more secure for many applications and can be less effort to implement.
LDAP authentication is required by some applications. In order to utilize LDAP authentication in your application, you may have to establish a resource account in Active Directory (LDAP) that would permit the level of access that your application needs.
To request a resource account to access LDAP, please contact your Department or College IT representative, as they may can create the Resource account in ADUMS. Otherwise, contact the UTS Service Desk at 803-777-1800 or servicedesk@sc.edu.
These accounts require password changes and account renewals and this must be considered in your application deployment. For more detailed information about ldap authentication at USC, please see click here.
The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner (shibboleth.internet2.edu)
Enabling your application to utilize Shibboleth depends on your application. For applications that use Apache LDAP authentication, the change is generally transparent and very simple.
Shibboleth Authentication resides at the web server level to protect an entire web application or a portion of the application. Shibboleth also provides role based authorization for your application.
Additional information and configuration instructions please refer to Shibboleth SP Installation & Configuration instructions.
| Safety/Emergency Information | Directory: Find People Map: Find Places Calendar: Find Events VIP | Contact and Site Information |
| Columbia, SC 29208 • 803-777-1800 • Webmaster | Privacy Policy | © University of South Carolina Board of Trustees |