Suggested RFP Language

If you are planning to purchase a third-party application that you would like to integrate with CalNet for user authentication, please add the following language to any RFP documentation or other set of requirements you send to the vendor:

For access control, new campus enterprise systems must integrate with the University's CalNet system for identity and access management. Your application must use one of the supported authentication technologies listed below:

  • Native Kerberos (end-to-end; the passphrase does not leave the user's workstation)
  • CAS web SSO, SAML/Shibboleth federated SSO
  • SPNEGO/Kerberos for browsers (HTTP Negotiate)
  • GSSAPI with Kerberos
  • Microsoft SSPI (CalNetAD)
  • Certificate-based authentication using Microsoft Server 2003 PKI (CalNetPKI)

Simple (non-SASL) unencrypted LDAP binds for authentication with AD are prohibited.

Describe how your solution would interface with this infrastructure.

For more information on CalNet authentication and authorization infrastructure, please review CalNet for Technologists.