USC Authentication and Authorization Infrastructure (USC AAI)
USC AAI provides authentication and authorization services for access to
university resources and also to selected external resources.
Authentication is the process that is used to prove that you are who you say you are. It is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true (Wikipedia). In the simplest case, it is the process of confirming who you say you are by using something that only you know.
An example of on-line authentication might be to provide your USC Network Username and password to access an application, but it could also include the use of certificates, location, biometrics, or any combination of these.
An example of off-line authentication might be to provide your driver's license when using your credit card to make a purchase.
Authorization occurs after Authentication. Authorization is the function of specifying access rights to resources. It gives you permission to do or have something.
Enterprise authentication applies to applications that authenticate to the central enterprise authentication system currently represented by the USC Active Directory service. This service contains all USC Network Usernames across all system campuses.
Implementing Application Authentication
Applications may use either Shibboleth Authentication or LDAP Authentication. Shibboleth Authentication is recommended. In both cases the authentication itself is the same. Shibboleth authentication may be considered more secure for many applications and can be less effort to implement.
LDAP authentication is required by some applications. In order to utilize LDAP authentication in your application, you may have to establish a resource account in Active Directory (LDAP) that would permit the level of access that your application needs.
To request a resource account to access LDAP, please contact your Department or College IT representative, as they may be able to create the resource account in ADUMS. Otherwise, contact the UTS Service Desk at 803-777-1800 or firstname.lastname@example.org.
These accounts require password changes and account renewals, and this must be considered in your application deployment. For more detailed information about LDAP authentication at USC, please click here.
Enabling your application to utilize Shibboleth depends on your application. For applications that use Apache LDAP authentication, the change is generally transparent and very simple.
Shibboleth Authentication resides at the web server level to protect an entire web application or a portion of the application. Shibboleth also provides role based authorization for your application.
For additional information and configuration instructions, please refer to the Shibboleth SP Installation & Configuration instructions.
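The move from Apache LDAP authentication to Shibboleth described above, shown as an added before/after configuration sketch (not USC's own configuration). Host names, DNs, paths, the resource account name and the `affiliation` attribute are placeholders and assumptions; the attribute names available depend on the Shibboleth SP attribute map in use.

```apache
# --- Before: Apache LDAP authentication (mod_authnz_ldap) ---
# The web server collects the user's password itself and binds to the
# directory with a resource account. That account's password is stored on
# the web server and must be updated at every password change or renewal.
<Location "/app">
    AuthType Basic
    AuthName "Example application"
    AuthBasicProvider ldap
    # Placeholder host and search base; ldaps:// protects the lookup in transit.
    AuthLDAPURL "ldaps://ldap.example.edu:636/DC=example,DC=edu?sAMAccountName?sub?(objectClass=user)"
    # Placeholder resource account.
    AuthLDAPBindDN "CN=svc-exampleapp,OU=Resource Accounts,DC=example,DC=edu"
    AuthLDAPBindPassword "REPLACE_WITH_RESOURCE_ACCOUNT_PASSWORD"
    Require valid-user
</Location>

# --- After: Shibboleth (mod_shib, Apache 2.4 syntax) ---
# Replaces the block above; do not keep both active for the same path.
# The user signs in at the identity provider, so the web server holds no
# bind credentials and never handles the user's password.
<Location "/app">
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    # Any user with a valid Shibboleth session may enter.
    Require shib-session
</Location>

# Protecting only a portion of the application with a role-based rule.
# "affiliation" and its value are assumed names from the SP attribute map.
<Location "/app/admin">
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-attr affiliation staff@example.edu
</Location>
```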