Shibboleth MultiPass Login Help

Some Mines services (such as, MyMail, OrgSync, Philo, HBO Go, My Library Card, Zoom logins) use a Mines Shibboleth login page similar to the below image. As of November 6, 2016, the login page has some new options related to your consent for releasing information to access the services. The new options are explained in detail below.

Use your MultiPass credential to log in. (This is your campus username + MultiPass password. Enter your username in all lowercase.)

If you have forgotten your MultiPass password, use the Forgot Your Password link on the Identity Self-Service site. Or drop by or call the Tech Support Center (TSC; CTLM 156; 303-384-2345).


Login Page Help

Mines Login


"Don't Remember Login" check box:

  • If you leave this check box unchecked, you will be authenticated for this session/service and for any other Mines services that use Shibboleth MultiPass authentication. (For example, you enter your MultiPass credentials to login into MyMail, and then would be able to access OrgSync without entering your credentials again.)
     
  • If you check this check box, you will be authenticating only for your current session and service. (For example, you enter your credentials to login to MyMail, and then you would need to enter your credentials again to access OrgSync.)
     
  • IMPORTANT SECURITY NOTE: If you are using a public kiosk to log into a Mines service you should check this box (e,g, a public computer in CASA, or any public library). If you do not check this box, the next person who uses the kiosk may be able to log in as you and access your account and/or personal information.


"Clear prior granting of permission for release of your information to this service." check box:

  • If your requested service is a Mines whitelisted service*, when you select the Login button you will be logged into the requested service. (This check box has no effect for Mines whitelisted services. For more details, see the Consent help below.)
     
  • If your requested service is not a Mines whitelisted service*, when you select the Login button,
    • If you check this box, you will be presented with a "consent page". The consent page will show you the information that will be sent to the service you are logging into. (For more details, see the Consent help below.)
    • If you leave this box unchecked, depending on what you previously selected on the consent page, you may be presented with a consent page. (For more details, see the Consent help below.)

* An example of some of the Mines whitelisted services are: MyMail, OrgSync, Rec Sports, IM League, My Library Card, Mines Software Download, Securing the Human, Zoom.
The Mines contracts with our Mines whitelisted service providers includes an obligation to use your information only to provide the contracted service, and to not use or share your data for other purposes.
For all of the Mines whitelisted services, Mines releases only the absolute minimum information that is required to use the service. (For more details, see the More Details for the Curious section below.)


Consent Page Help

Once you select the Login button, you may be shown a "consent" page similar to the one below. It may be displayed if you selected the "Clear prior granting of permission" check box on the Login page, if there has been a change to your information to be sent to the service, or if this is the first time you have accessed this service. (See below for detailed explanation.)

If you are presented a consent page, your consent to release your information is required to be able to access the requested service. In order to log into the service, you must choose one of the information release options and click on Accept. If you select Reject, you will not be allowed to access the service.


 
  • Ask me again at next login:
    • You are agreeing to send your information for this login session to this service.
    • If you select this option, you will be prompted with the consent page again the next time you log into this same service.
       
  • Ask me again if information to be provided to this service changes: (This is the default option)
    • You are agreeing to send your information for this and future login sessions to this service.
    • If you select this option, you won't be prompted with the consent page again for this service unless there is a change to your information to be sent to the service.
       
  • Do not ask me again:
    • You are agreeing to release all of the information requested by any service using this Mines authentication service.
      NOTE: For all of the Mines whitelisted services, Mines releases only the absolute minimum information that is required to use the service.
    • If you select this option, you won't be prompted with the consent page again for this or other services that use this authentication system.
    • If you select this option, but later decide you want to see what information is being sent to a service, check the "Clear prior granting of permission..." box on the Login page.
       

More Details For The Curious:

  • The technology used by this Mines web login system is called Shibboleth. It is a single sign-on (SSO) system for computer networks and the internet. Visit the Wikipedia Shibboleth page for a more in-depth explanation of Shibboleth.
     
  • Shibboleth is a type of federated identity login. This is similar to using your Facebook or personal Google credentials to log into non-Facebook or non-Google services. Visit the Wikipedia "federated identity" page for more information.
     
  • CAS (Central Authentication Service) is another type of federated web login system used at Mines. We use it for the housing portal, TEM, Cognos, and other Mines services. See the Wikipedia CAS page for more information.
     
  • Both the Shibboleth and CAS services at Mines use your MultiPass credentials (campus username + MultiPass password) for authentication! We have been trying to consolidate password services at Mines so that people have fewer usernames and passwords to remember for campus services, but there will always be a few services that require a separate password.
     
  • For all of the Mines whitelisted services, Mines releases only the absolute minimum information that is required to use the service.
     
  • The minimum information (attributes) that are released to any service includes email address and name/username information. (See the image in the Consent help section above for an example.)
     
  • When you use either Shibboleth or CAS services at MInes, your password is never passed across the internet to the associated services.
     

© 2017 Colorado School of Mines | | Equal Opportunity | Privacy Policy | Directories | Text Only | Mines.edu | rss

 
Last Updated: 06/28/2017 10:58:28