Web Authentication System

Body

Web Authentication (WebAuth) is a system designed to streamline the authentication process for any of Dartmouth's web-based systems, to make the process of logging into web-based systems more secure, and to provide support for additional operating systems.

Streamlined Authentication

Once a web-based system that requires authentication is upgraded to use the WebAuth system, many users will no longer be prompted to log in to that system. This is because the first thing the WebAuth system does is to automatically look for a valid PKI certificate pair. If it exists, and if the private certificate is for someone who is supposed to have access to the system, they will automatically be let in.

If a valid PKI certificate pair does not exist on the computer, then the WebAuth system will look for a Kerberos ticket. If there is already a valid Kerberos ticket, and if the ticket is from someone who is supposed to have access to the system, they will automatically be let in. (Note: WebAuth will not prompt for a Kerberos ticket like SideCar did. The Kerberos ticket needs to be obtained prior to accessing the authenticated Web site if Kerberos is going to be used.)

If there is not a valid PKI certificate pair, and if there is not a valid Kerberos ticket, the user will be prompted for their Dartmouth NetID and password. If the information they enter is for someone who is supposed to have access to the system, they will be let in.

After authenticating to one system — either via PKI, Kerberos, or NetID — any other web-based system the user tries to access that also uses the WebAuth system will automatically use the same credentials to determine whether the user has access to the system. In other words, you will not be prompted to enter your user name and password again, unless you have logged out of all the systems that use WebAuth.

Secure Access

Currently, there are different interfaces to every web-based system. Many people have gotten into the habit of entering their user name (NetID) and password whenever they are prompted to enter it.

There are currently web-based systems at Dartmouth that are created and maintained by people other than Information, Technology & Consulting (ITC). ITC cannot guarantee that the user name and password a user enters to access one of those systems is not being captured and used to allow other people access to an account.

The goal is to have all official systems use the WebAuth system, so that members of the Dartmouth community will know they should only enter their PKI certificate credentials or their NetID and password into the WebAuth system window. If they are prompted to enter their login credentials on a different screen, they should find out where that information is going to go before proceeding.

Supported Systems

An added benefit of the WebAuth system is the addition of support for any operating system that uses a standard browser, such as Firefox, Internet Explorer, Safari, or Chrome.

WebAuth will allow users of Linux and Intel-based Macintosh computers — systems not supported by our old SideCar authentication system — to authenticate to applications.

Additional software does not need to be installed on a computer in order to use WebAuth.

WebAuth Help

Make sure you have a valid network connection, and that the web browser you are using is configured to accept cookies.

Help by Affiliation

The WebAuth system supports accounts for several different types of users. If you are having trouble logging in, follow the directions in the section below for your account type.

Dartmouth College Faculty, Staff, and Students: If you have forgotten your NetID password, contact your department's IT support office or the ITC Service Desk.

Dartmouth Alumni: Like a user name, a NetID is a permanent, personal identifier that is unique to each individual and is used to log in to most Dartmouth systems, including some used by alumni. Alumni should refer to the Alumni NetID FAQ page for more information about the use of their NetID.

Dartmouth-Hitchcock Medical Center Staff: The DHMC Computer User Support pages contain help and contact information for account problems.

Dartmouth College Library Users: The Library Account Login page contains help and information.

Setting up a Web-Based System to Use WebAuth

As of April 4, 2017, .htaccess files used to control access to a website will need to be in the format <john.a.doe@dartmouth.edu> rather than <netid@dartmouth.edu>.

For answers to specific questions, see Frequently Asked Questions

Details

Details

Article ID: 64961
Created
Tue 10/9/18 12:28 PM
Modified
Mon 3/20/23 2:42 PM