About CUWebLogin

What does CUWebLogin do?

CUWebLogin allows you to access restricted web pages without needing SideCar. It does this by allowing you to log in to a web form, and then passing your authentication information back to the web server in a cookie.

What sites support CUWebLogin?

CUWebLogin works on services where the the web server administrator has installed the CUWebAuth software from CIT, and registered the server to use the CUWebLogin service. The web site must also be configured to allow CUWebLogin.

Most CIT-affiliated web sites that require authentication support the use of CUWebLogin.

For web sites maintained by another department, you will need to check with that department. You can also simply try accessing the site without SideCar, and see what happens.

CUWebLogin Features

• Single Sign On allows you to access multiple sites that support CUWebLogin without needing to type in your NetID and password at each site.
• A custom message about the web site you are trying to access may appear in the CUWebLogin window, to the right of the dialog boxes.
• A popup window (illustrated at right) reminds you that you have authentication credentials which someone else could use if you walk away from your computer. When you're done using web sites that require Cornell authentication, clear your credentials by closing ALL your browser windows and exiting your browser.

How CUWebLogin works

Understanding the sequence of events that occurs when you use CUWebLogin will help you to use it successfully. Here is what happens:

1. Using your web browser, you request a restricted web page on a web server that is running CIT's CUWebAuth software.
2. The web server may try to contact SideCar on your computer. (Some web servers skip this step.) If you have already authenticated using SideCar, the web server has the option of using those credentials so you don't have to enter your NetID and password again. If SideCar doesn't respond, the web server proceeds to step 3.
3. The web server redirects your browser to the CUWebLogin server to have you authenticate.
4. You enter your NetID and password into the form on the CUWebLogin page (see illustration), which is encrypted using SSL.
5. Assuming your password is correct, the CUWebLogin server stores your credentials in two cookies, one for the page you have already requested and one for later access to other restricted pages.
6. The CUWebLogin server redirects you to the original page that you requested.
7. The web server confirms that you have authenticated successfully and gives you the restricted web page.
8. Your authentication credentials on this web site last for either 5 minutes or 8 hours, depending on how the web site is set up. Your Single Sign On credentials, which allow access to other restricted pages without having to re-type your NetID and password, are always good for 8 hours.

If you are filling out a web form that requires authentication, two extra steps are added to the basic procedure above:

1. Before step 3, a message will advise you that the information you have entered in the form needs to be preserved while you authenticate.
2. After step 6, another message will advise you that the information has been preserved.

Need help with CUWebLogin?

Please see the help page, which discusses some common problems, and the error message page, which lists specific messages and what to do about them. You may also ask for help from the CIT Contact Center (HelpDesk), helpdesk@cornell.edu or 607-255-8990.