Single Sign-on FAQ

Overview

Many web services on campus rely on your Duck ID username and password to allow access.  Behind the scenes, these applications are relying on software called Shibboleth to verify your identity.  The Shibboleth tool is what prompts you for your credentials.  The tool works with your web browser to provide access into other Shibboleth-enabled applications without asking you to re-enter your Duck ID and password.  Because you are able to sign in once and then access multiple services, this process is referred to as single sign-on.

Information

What does a single sign-on request look like?

Web pages that integrate with Shibboleth have the following look and feel:
Shibboleth Screen Shot

Is single sign-on safe?

Yes, but it is important to protect your credentials and not be fooled into providing them to an impostor website.  The address bar of your web browser will begin with “https://shibboleth.uoregon.edu/” when you are on the UO Single Sign-on page.

You can further validate the legitimacy of the page by ensuring the SSL Server Certificate for the site matches the following:

  • Issued To
    • Common Name:  uoregon.edu
    • Organization:  University of Oregon
    • Organizational Unit:  Information Services (IS)
  • Issued By
    • Common Name:  InCommon RSA Server CA
    • Organization:  Internet2
    • Organizational Unit:  InCommon

How do I learn more about my Duck ID?

To learn more about your Duck ID, please visit these knowledge base pages on the UO Service Portal.  If you would like more information on changing your Duck ID Password, please look at this knowledge base article.

How do I report a single sign-on problem?

If you're having trouble signing in to an application, the application might require further authorization or additional information from our login service.  To report a login problem or issue with your Duck ID, please contact the Technology Service Desk.

 

Details

Article ID: 52631
Created
Wed 4/25/18 12:00 PM
Modified
Fri 8/10/18 1:35 PM