“The connection is secure” – These words contain a short but revealing piece of information. A valid certificate for a website indicates if it has a secure connection and sensitive data, such as passwords or bank data, are transmitted in a protected environment – this is also the case with RWTH Single Sign-On. The certificate for sso.rwth-aachen.de has now been replaced, as the existing one expires on July 28, 2021. Have you noticed this? Some services were temporarily unavailable during the changeover, but are now running again. We’ll show you why it’s worth taking a look at the certificate and what you should keep in mind when using the RWTH Single Sign-On.
To ensure authentication and authorization of users at multiple RWTH Aachen web applications, the IT Center operates a central single sign-on authentication service via Shibboleth. With one login, one is connected to many RWTH services. One user name, one password.
This saves time and the handling of numerous access data. This makes the access easier. But since so many applications depend on it, it is even more important to make sure that the access to RWTH Single Sign-On is properly protected.
Secure connection? How to check certificates
The safe connection can be ensured via certificates. These are integrated into the website and show website visitors whether the certificate was issued by a trustworthy authority. This means that you are on the right page and that your access is appropriately protected when you log in. Such a certificate is also stored for the RWTH Single Sign-On. In two steps you can make sure that you are really on the page you expect to be on.
1. Check the URL
2. Check the certificate
When using Shibboleth, all authentication requests are processed via the domain sso.rwth-aachen.de. So the URL-Line should look like this.
You can get details about the certificate by clicking on the small lock icon at the top of the URL bar in your browser. Depending on the browser this looks slightly different, a detailed guide with views from different browsers and further information on how to check a certificate in the browser can be found in IT Center Help. If you follow these steps, you will be a lot safer on the web. Conscious and attentive handling of URLs and certificates integrated into the website can protect you from unauthorized access.
A look and a click that are worthwhile.
You can find more useful tips on how to use the RWTH Single Sign-On securely in our blog post “Safety First – Secure Logout with RWTH Single Sign-On”.
Responsible for the content of this article are Marlen Helms and Stephan Krinetzki.