umweb: weblogin

Friday May 24 2013

information technology central services at the university of michigan

homepage
cgi scripts
→ weblogin
htaccess
private
webspace
SQL

Using weblogin.umich.edu

home / how-to / weblogin

weblogin.umich.edu user's guide

This guide covers logging in, logging out, and working securely with our single sign-on environment. To install the weblogin software ( cosign ) on your own web server, please see the software section.

logging in

weblogin.umich.edu simplifies the use of UM web-based services by requiring that you login only once per web session to access a number of different sites. To begin a session, simply visit weblogin.umich.edu prior to accessing any protected resources. After successful authentication, you will be shown a list of available services ( e.g. directory.umich.edu, Conferencing on the Web, etc. ). If you encounter any problems while logging in please see our frequently asked questions list ( below ) or contact us for help.

logging out

Authenticating via weblogin.umich.edu gives you implicit access to a large number of protected web services, it is therefore very important that you remember to logout when you are finished. Simply click the "logout" link in any weblogin-protected application or visit https://weblogin.umich.edu/cgi-bin/logout. Visiting this link will log you out of all protected resources and protect your identity. For added security you may choose to quit your web browser after logging out.

tip: in most browsers you can simply press 'return' on the logout verification screen to logout. It is not necessary to use your mouse to click on the default button.

Frequently Asked Questions

How do I know if it is safe to give a web site my password?

You should be at least as careful with your Kerberos password as you would be with your credit card number. You should never give your password to any site that is not using SSL encryption ( look for the 'https' in the url and a lock icon in your browser ). You should absolutely never give your password to any web server that is not at umich.edu. Web sites that rely on weblogin.umich.edu for authentication will never ask you for your Kerberos password; this means you need only give your password to weblogin.umich.edu once ( at the beginning of your session ). If you suspect a web server is asking for passwords that should not be, please let us know immediately.

When I login I get 4 error screens that say "Your browser has been redirected ..." what does this mean?

You are using Netscape version 4.x. These redirects are perfectly normal ( in fact, they are necessary for the proper functioning of weblogin ), but your very old version of Netscape does not handle them properly. You may safely ignore these error screens ( there is no way to disable them ) or, better yet, upgrade to a current, standards-compliant web browser.

I went to a web site ( directory.umich.edu, mail.umich.edu, etc. ) and it just let me in without asking for a password. What is going on? Is there a security problem?

This means that you had already begun a weblogin session by visiting weblogin.umich.edu ( possibly to use some other protected service? ). Once you have authenticated to weblogin.umich.edu you have access to many protected web services ( visit https://weblogin.umich.edu/ again to see a list of some of them ). Just be sure to logout when you are finished.

weblogin.umich.edu and protected sites all require that I accept a cookie to use them. Isn't this a privacy problem?

No. These sites use only session cookies ( cookies that go away when you quit your browser ) and are returned only to the protected services you are using. These services need to be able to tell who you are in order to, for example, show you your own e-mail or give you access to your own files. Just be sure to logout when you are finished and quit your browser if you want to make sure the cookies are gone.