The campus Cloud and Identity Team will roll out the upgraded Single Sign-On (SSO) service on March 7, 2020. In addition to wrapping up the deployment plan and building the AWS infrastructure, the SEAL (Software Engineering Architecture & Lifecycle) team will complete final stages of integration through testing with existing applications.
Consistent with the goals of Identity & Access Management (IAM) on campus, the SSO upgrade prepares the identity infrastructure for future modernization. Among the improvements are:
- OAUTH2 support (including headless OAUTH2)
- OpenID Connect Support
- Per-application integration with Duo MFA
- Migration of SSO to AWS to improve UCSB's business continuity posture
The upgrade will also include a new login screen. The new look incorporates the UCSB Visual Identity and Branding guidelines released by the campus in 2018. Sam Horowitz, UCSB’s chief information security officer, will be releasing a campus-wide notice through the D-List in the near future announcing the change to the login screen.
Lastly, a bit of "coming attractions" information: We are starting to work out the impact of eliminating TLS versions 1.0 and 1.1 on the campus identity services (CAS, Shibboleth, LDAP, etc.). If you have or know of any applications that consume these services, please investigate whether or not they can support TLS 1.2 or 1.3 with their normal set of ciphersuites. If you find any problems, contact Shea Lovan.