Safer access

You will notice certain changes to access the services made available by the Federated Academic Community (CAFe). That is because options that offer more security to your access are available. Check it out!

In the first access screen, you can check the option ‘Do not save my login’. That is fundamental for when you are accessing the system from a public computer (library, Internet café, hotel) and need to prevent your login and password information from being saved in that place. As a safety tip, we suggest that you also avoid saving this information in your personal computer, for if anyone uses it improperly or without your authorization, they will be able to access all of the services available in the system with your ID.

Another option that can be chosen when you login is to ‘Remove any permission previously given from my attributes’. Upon checking this option, you erase from the system the data saved in previous logins. The possibilities of saving this information are available in the second access screen, which can be activated (or not) by the local administrator.

After clicking Login, you are directed to a second screen, where the information (attributes) that will be temporarily shared during the use of the federated systems is available. It is important to clarify that this information is not stored by the service you are accessing. It is available only during the use, to secure the user’s ID, and is excluded after the end of the session.

In this screen, you can choose in what way you are going to release these attributes:

Option 1: Ask me again in the next login (I accept the release of my attributes this time)

Upon choosing this option, you authorize the sharing of the information only during the current access. In the next times you login, this second screen will come up again for you to approve the release of the attributes.

Option 2: Ask me again if the attributes to be released for this service have changed (I accept that the same attributes are automatically sent to this service in the future)

In this case, you authorize the sharing of the attributes highlighted in the picture above, whenever you login to the same service, provided that there is no change to the attributes shared. If this happens, you will be notified again and will have to authorize the sharing of new information.

Option 3: Do not ask me again (I accept that ALL my attributes are delivered to ANY service of the federation)

When you check this option, as explained above, you accept that all of your attributes are delivered to any service of the federation. With that, this second screen will not come up again for you when you login to the CAFe services.

Please note! If you have checked options 2 or 3 of this second screen, but would like to change to option 1, for example, all you have to do is select the quadrant ‘Remove any permission previously granted of my attributes’ available in the first access screen (below).

These are the security news that Shibboleth 3 has brought for you. Shibboleth IDP is an open and free identity management software. Its operation is based on the use of the Security Assertion Markup Language (SAML), to generate a safe structure for information exchange between different domains.

The Federated Academic Community was built on the Shibboleth framework, and the client institutions have updated to Shibboleth 3 in their IDPs. The new version brings a series of corrections and functionalities that are not always perceptible for the end user, but which are essential for the stability and continuity of the service, such as greater data traffic security. The ones that are perceptible, for their turn, have been referred to above.