WebAuth is the authentication system that underlies WebLogin, which enables access to protected web pages and web applications. SUNet ID account holders use WebAuth to gain access to these protected resources; content managers use it to restrict access to certain web pages; and some system administrators use the WebAuth module on their departmental Apache web servers.
The first time you visit a web page protected by WebAuth, you're sent to a central login server (at Stanford, it's weblogin.stanford.edu) and prompted to authenticate. Normally, you enter your username and password, although other authentication methods are possible. After you log in, the WebLogin server sends your encrypted identity back to the original web page you tried to access. Your identity is stored in a cookie set by the WebLogin server, and you won't need to authenticate again until your credentials expire, even if you visit multiple protected websites.
- Works with any browser that supports cookies.
- Doesn't require you to install agents or other software on the client systems running the web browser.
- Works with an existing Kerberos v5 authentication realm.
- Acts as the single sign-on provider for a Shibboleth IdP.
- Supports SPNEGO authentication as well as username/password over TLS/SSL.
To learn how to restrict access to web-based resources, see WebAuth User Authentication. To download and learn how to use WebAuth on a local server, see the Download WebAuth and Stanford WebAuth Installation Instructions pages. For more information, see For IT providers, below.
For IT providers
If you manage content and want instructions for protecting web pages hosted on the www.stanford.edu servers, see the pages linked below.