CDS News - Shibboleth   [updated 23 Aug 2011]

Institutional login (UK Federation via Shibboleth) provides access to many databases and restricted web sites using a single id and password, managed by the home institute to which the user is affiliated i.e. by the Identity Provider (IDP).

This should result in greater convenience and improved security. Many University users already have a suitable id for access to e.g. Web of Knowledge, MIMAS, JISCmail etc.

The CDS is a Service Provider (SP) and is advertised as such by the UK Federation.

Institutional logins have now been restored

See details below:

Item added 23/08/11

Institutional logins have now been restored

The fixes for the security issue have been installed.
The upgraded software now has a different look and feel when logging in.

Please let us know of any problems encountered.
Apologies for the loss of this facility since 3rd August.

Item added 03/08/11

Institutional logins have been disabled for now

This is due to a software security issue. Fixes are being located.

Item added 03/03/10

Shibboleth upgraded to version 2.0

Following the mandatory upgrade of Shibboleth 1.3 to 2.0, Institutional logins to CDS are available once again.

Sorry for the disruption to the service.

Please report any problems found to cdsbb@stfc.ac.uk

Item added 15/02/10

Institutional login "Shibboleth" software requires updating - institutional login disruption is possible in the next few weeks.

The existing Shibboleth v1.3 software has an end of life on June 30th. We must upgrade to v2.0 well before then in case a major security flaw is discovered, resulting in early withdrawal.

The new version should coexist alongside the existing one but in an imperfect world we may temporarily lose institutional login capability for a while.

The CDS login should not be affected by this upgrade to institutional logins.

Item added 19/05/09

The ACDLabs Web Ilab client now supports "login-first" again (CDS or Shibboleth log on)

Item added 01/05/09

Owing to ACDLabs ChemSketch clients being unable to use login-first via CDS/Shibboleth, the old authentication has been restored for both this and the web version Ilab. This was necessary because the two programs are tightly coupled.

Hopefully a way around this will be found soon.

Item added 27/04/09

Shibboleth access available for all databases

All web-based databases now have "login first" set (and are "Shibboleth" enabled)

Safari (3.2.1) on a MAC has been found to give problems logging in due to strange behaviour in cookie handling. The symptom is a repeated return to the login screen (CDS or Shibboleth) after successfully logging in, and then selecting a database from the "red box" start button.

Firefox works fine however.

Item added 23/04/09

The "login first" release date has been postponed by 2 days, due to technical reasons.

Item added 20/04/09

Timetable for web client migration to new "login first" Shibboleth or CDS login scheme:

Wednesday 22/04 - ICSD web client
Thursday 23/04 - CrystalWeb
Friday 24/04 - others

NB the non-web clients for ACD/ILAB "Chemsketch", Detherm and any interactive logins e.g for ConQuest, cannot as yet be accessed via Shibboleth and so will operate as before.

Item added 14/04/09

Details of WAYFless access

WAYFless access for CDS Shibboleth login can be easily set up as follows:

e.g. if your Institutional login provider has IdP's Shibboleth SSO (service)

https://shibboleth01.stfc.ac.uk/shibboleth-idp/SSO

then the WAYFless URL to use is :

https://shibboleth01.stfc.ac.uk/shibboleth-idp/SSO?target=https%3A%2F%2Fcds.dl.ac.uk%2Fsecure%2Flogin.cgi&shire=https%3A%2F%2Fcds.dl.ac.uk%2FShibboleth.sso%2FSAML%2FPOST&providerId=https%3A%2F%2Fsp.cds.stfc.ac.uk%2Fshibboleth

REMINDER : From April 20th, the new "login first" scheme will be extended to all of the CDS databases.

Item added 31/03/09

Shibboleth access initially set up for two databases

We have initially introduced support for Institutional login for two of the CDS databases - "Available Chemicals" and "Screening Compounds".

To use these two databases only, it is necessary to login BEFORE accessing the usual start links in the "red box" menu on the main page
Two login links are available as follows:

1) CDS Login Accepts the usual CDS id and password.

or

2) Institutional Login ('Shibboleth')

Allows you to navigate to your home university, login there with your UK Federation/Shibboleth id, and if it is the first time logged in, further CDS screens will allow you to map your existing CDS to the new Shibboleth one. After this access to the "Available Chemicals" and "Screening Compounds" databases will be unimpeded by further login boxes.

Visitors who do not have a CDS id when first logged in, will be redirected to the Express registration page. The login then needs to be repeated with the new id / password.

When a new web browser session is started, the login must be repeated, and it needs to be done at the start of each day.

For now, access to the other databases is unchanged i.e. a "CDS" login popup box appears when the database start link is selected (unless the id and password have been saved in the web browser).

From April 20th, the new "login first" scheme will be extended to all of the CDS databases. To help prepare for this, please try to run "Available Chemicals" and "Screening Compounds" with your normal id/password or using an Institutional login if you have one.

NB Interactive login to CDS e.g. to run Conquest is not affected by the new scheme, and will operate with the CDS id/password over ssh as before.

Step by step help for "Institutional login" is available at in the "Registration" pull-down menu.

Please report any problems found to cdsbb@stfc.ac.uk