Skip to main content

Keep Up with IAM Best Practices

Columbia University

Extending WebSSO to the Cloud

Institutions need the convenience and security of accessing data and collaborating in the cloud. Google Apps for Education is gaining tremendous popularity among higher education institutions as an answer to this need. Columbia University decided on Google Apps, and needed to extend their local proprietary Web single sign-on (WebSSO) system (called WIND) to the cloud.

For almost ten years Columbia University had been running WIND and integrating it with various on-campus applications. When the time came to roll out Google Apps, they considered the effort required to extend WIND again, and decided it was time to consider a more standards-based approach that offered the promise of less development, and faster deployments. They turned their attention to the Central Authentication Service (CAS), an open source WebSSO application maintained as an Apereo Foundation project with collaborators around the world. CAS provides authentication and WebSSO for cloud-based applications.


Columbia engaged Unicon to leverage their considerable expertise in enterprise WebSSO and CAS. Together they worked out a plan to extend CAS with a customization that would allow their existing home-grown system to continue to work, allowing a more reasonable migration plan. Unicon extended the CAS server to speak WIND protocol so that Columbia's existing WIND clients could migrate to the CAS server with a simple configuration change. This paved the way for deploying CAS for Google Apps and ensuring they had a robust WebSSO platform that could span from local to cloud.