If you are planning to purchase a third-party application that you would like to integrate with CalNet for user authentication, please add the following language to any RFP documentation or other set of requirements you send to the vendor:
For access control, new campus enterprise systems must integrate with the University's CalNet system for identity and access management.
Your application must use one of the supported authentication technologies listed below:
- native Kerberos (end-to-end; the passphrase does not leave the user's workstation)
- CAS web SSO or Shibboleth (SAML2) federated SSO (our Shibboleth delegates web authentication to CAS)
- SPNEGO/Kerberos for browsers (HTTP Negotiate)
- GSSAPI with Kerberos
- Microsoft SSPI (CalNetAD)
- Certificate-based authentication using Microsoft Server 2008 PKI (CalNetPKI)

Simple (non-SASL) unencrypted LDAP binds for authentication with AD are prohibited.
For more information on CalNet authentication and authorization infrastructure, please review the topics in the CalNet for Technologists menu.