Western WebLogin Service

What is Western WebLogin Service?

Western WebLogin Service provides central authentication for web-based services and applications.  The Western WebLogin Service allows applications (service providers) to authenticate users using their Western credentials, without having to maintain their own password system.

Supported Authentication Protocols

  • SAML2
  • OAuth2
  • OpenID Connect (OIDC)
  • CAS 2 and CAS 3 (Central Authentication Service)

How Do I Implement the Western WebLogin Service?

Additional Important Items

  • Logging Out
    • Western WebLogin stores information in the user's web browser, using a feature called cookies. Remind users to close the browser for a complete logout.
  • Authentication vs Authorization
    • Western WebLogin provides authentication services, determining if a user's credentials are valid.
    • It is the responsibility of the application to perform authorization, determining if a user is allowed to use the application.
    • Western WebLogin can send attributes about a user (e.g., username, role (staff, student, etc.), Active Directory group membership) to aid the application in authorization.
  • 'Break Glass' Account
    • It is recommended to have a 'break glass' account: an account that has access to the application without MFA, for use in the event that an identity provider such as Azure or Duo is not available.
  • Outage Planning
    • For applications that also have MFA enabled, WTS recommends having a plan in the event of a Duo outage. The plan should state whether or not MFA should be bypassed while Duo is unavailable.
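
The authentication vs. authorization split described above, as an added example that is not Western's own code: an application parses a CAS 3 validation response and makes its own deny-by-default access decision from the released attributes. The attribute names (`role`, `memberOf`), the policy values and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS protocol XML namespace
# Hypothetical application policy; attribute names and values are assumptions.
ALLOWED_ROLES = {"staff"}
REQUIRED_GROUP = "cn=app-admins,ou=groups,dc=example,dc=edu"

def _response(body):
    """Wrap a constructed body in a CAS serviceResponse envelope."""
    return f'<cas:serviceResponse xmlns:cas="{NS["cas"]}">{body}</cas:serviceResponse>'

# Constructed sample responses (not captured from a real server).
STAFF = _response(
    "<cas:authenticationSuccess><cas:user>jdoe</cas:user><cas:attributes>"
    "<cas:role>staff</cas:role>"
    "<cas:memberOf>CN=app-admins,OU=Groups,DC=example,DC=edu</cas:memberOf>"
    "</cas:attributes></cas:authenticationSuccess>")
STUDENT = _response(
    "<cas:authenticationSuccess><cas:user>asmith</cas:user><cas:attributes>"
    "<cas:role>student</cas:role>"
    "</cas:attributes></cas:authenticationSuccess>")
FAILURE = _response(
    '<cas:authenticationFailure code="INVALID_TICKET">bad ticket</cas:authenticationFailure>')

def parse_validation(xml_text):
    """Return (user, attrs) for authenticationSuccess, or None otherwise."""
    ok = ET.fromstring(xml_text).find("cas:authenticationSuccess", NS)
    user = ok.findtext("cas:user", namespaces=NS) if ok is not None else None
    if not user:
        return None
    attrs = {}
    for el in ok.findall("cas:attributes/*", NS):
        name = el.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
        attrs.setdefault(name, []).append((el.text or "").strip())
    return user.strip(), attrs

def authorize(xml_text):
    """Deny by default: valid credentials alone never grant access."""
    result = parse_validation(xml_text)
    if result is None:
        return (False, "not authenticated")
    user, attrs = result
    if not ALLOWED_ROLES & set(attrs.get("role", [])):
        return (False, f"{user}: role not permitted")
    groups = {g.casefold() for g in attrs.get("memberOf", [])}
    if REQUIRED_GROUP not in groups:
        return (False, f"{user}: missing required group")
    return (True, f"{user}: allowed")
```

The student sample authenticates successfully and is still denied, which is the case an application misses when it treats a valid login as permission to use the application.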
