Applications & Databases
Application Development
KU Information Technology provides custom programming and database integration for web and mobile-based applications. Expertise includes application development, database integration, user interface design and implementation services.
Services Include
- Application development expertise
- Database design and Integration
- Custom user and administrative interfaces
Benefits
- Strong team of KU developers who can provide best practices and quality design.
- Team environment, so that if one developer is absent, another can take over.
- Agile approach to help you get up and running quickly with your application.
Availability
Determined by scope of project and scheduling of developer resources. If KU resources are not available, we can help locate and recommend an external developer. The KU IT bench process has been developed to assist KU IT in meeting our customers’ needs by providing project work when KU IT resources are fully tasked or not appropriately skilled for the technology required for a project.
KU IT, working in partnership with KU Procurement, has established a list of pre-approved vendors that can quickly be contracted to perform IT functions when needed. The pre-approved vendors have all signed a standard Master Services Agreement and are prepared to quickly respond to technology project requests. Vendors self-identify against a set list of credentials, and new vendors can easily be added to the approved-vendor list.
Cost
$60 per hour. Project estimates and consultation are free and available on request
Application Support
KU IT has experienced application administrators that can assist you in the installation, configuration, and maintenance of your application. Our Linux/Unix and Microsoft experts can give you advice and direction on best practices for running your application. They can also assist with SSL Certificates to ensure your servers are as secure as possible.
Service Commitment
We value:
- Collaboration and interaction with motivated clients to produce sites and applications that meet their needs and the needs of their users
- Development as a rapid iterative process that regularly gathers feedback from clients and users
- Simple and understandable solutions that deliver working and sustainable sites/applications
- Continuous efforts to stay current with emerging technologies, security and the needs of the University and its researchers
Authentication & Identity Management
KU Online ID integration with research systems can occur through multiple methods. KU IT provides a variety of standard identity management services.
Login services include:
- Central Authentication Service (CAS)
- Shibboleth (SAML)
- Active Directory Federation Services (ADFS or AD FS)
- Lightweight Directory Access Protocol (LDAP)
Description and additional details are below. These standard authentication methods can be implemented at no cost. However if there are non-standard requirements, KU IT can assist in finding the optimal solution for additional cost (the hourly KU TI service rate will apply).
To request KU authentication assistance, begin by contacting the Research Support Team.
Login Service Details
The Central Authentication Service (CAS) is a single sign-on (SSO) protocol for the web applications. Its purpose is to permit a user to access multiple applications while providing their credentials (such as user id and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password.
In addition to "validating a user's security credentials" or "authentication," KU's CAS server can be configured to provide user attributes that applications can use to authorize a user's access.
CAS can only authenticate the user, it is up to the application to authorize the user. CAS is a commonly used protocol in higher-education.
Shibboleth is a single sign-on (SSO) protocol for web applications. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.
Shibboleth uses the Security Assertion Markup Language as it's protocol, so it is also interoperable with any other tool using the SAML protocol.
As with CAS, KU's Shibboleth Identity Provider (IdP), can be used to authenticate users as well as being configured to provide user attributes that applications can use to authorize a user's access. At KU, our IdP is integrated with CAS. So, anyone already logged in via CAS (e.g., myKU, Canvas, etc…) will not be prompted to login again with Shibboleth.
Shibboleth is commonly used in higher-education, but it's main strength is supporting federations. Applications can configure their Shibboleth Service Provider (SP) to provide the end-user the ability to select their home-institution's IdP, allowing users from many different institutions the ability to log in.
Some of the commonly used federations are InCommon, EDUCAUSE, and eduGain.
Active Directory Federation Services, is a single sign-on platform used primarily for Microsoft applications. At KU, ADFS is integrated with Shibboleth/CAS such that any user already logged in to myKU, Canvas, myCommunity, etc. will not be prompted to enter their credentials again to log into other applications. ADFS is also capable of participating in SAML based federations.
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing directory information services. LDAP is mostly commonly used for application authentication, and retrieving information used to authorization.
There are two key disadvantages to using LDAP:
- The application has to capture the user's security credentials (KU Online ID and password). With CAS/Shibboleth/ADFS, the user's credentials are only entered on a centrally controlled/maintained server.
- The application then has to attempt to bind to the LDAP directory as that user to validate the credentials. If the credentials are valid, the application must then re-bind to the directory a service/agent account to retrieve the necessary attributes to authorize the user.
With this setup, single sign-on is not possible, and the user must enter their credentials every time they need to access the application, regardless of any other logins to myKU, Canvas, myCommunity, etc.
KU IT only recommends LDAP when none of the other options are possible.
Attributes for Authorization
Before KU IT can configure release of any user data attributes for an application, permission must be received from the owner of that data. For example, KU Human Resource Management, KU Registrar, KU Card Center, etc.
KU Group Lists
A KU Group List can be used to control access to your application. When a user has logged in, one of the attributes that can be provided is their group memberships. If access to an application is restricted to a particular group, examining the user's group memberships is a good way to authorize them.
Integration with KU Core Systems
KU IT can assist and coordinate integration between your application and core KU systems, such as Campus Solutions, Canvas, etc. To request integration support, please contact the Research Support Team.
Database Services and Support
Database services and support, including advice on installation, backup and best practices, are available for Oracle, MS SQL and MySQL servers.
Professional planning and preparation assistance from KU IT Database Administration (DBA) services can help ensure the integrity and stability of your data through design, backup and decommissioning phases.