WebISO Authentication in the SCS Web EnvironmentWebISO is a mechanism to provide authentication for web-based services. It allows you to use your SCS or Andrew Kerberos userid and password to verify your identity for web services such as webmail or LDAP lookup. When you first connect to a web service that uses WebISO authentication, you will be presented with a login screen. Once you enter your credentials, you will then be directed to the web service.
In addition, WebISO provides the convenience that your identity information is remembered so that you do not need to re-enter it to access other WebISO services (until you close your browser).
There are two different WebISO services that you will encounter in the SCS web environment: one run by CMU Computing Services and one run by SCS Computing Facilities. These are used by different web services, look somewhat different, and require somewhat different credentials. These two WebISO services are described next.
SCS Computing Facilities WebISOThe WebISO service (maintained by SCS Computing Facilities) is used primarily by the SCS Webmail server. When you connect to a web service protected by the SCS WebISO service, you will see the following login page:
The page clearly identifies itself as being from the SCS WebISO server, and has prompts for your User ID, Password and a selection for either your regular login instance password or /mail instance password.
If you are accessing SCS Webmail from an untrusted host (a Web kiosk, a cluster machine, or other public host, for example), it is highly recommended that you use your Kerberos /mail instance to log in to WebISO. Select the /mail radio button in the Instance field of the WebISO login page and type your /mail instance password into the Password field.
If you are accessing SCS Webmail from a trusted host (your desktop workstation, for example) you may log into WebISO with your standard Kerberos username and password.
Andrew (Computing Services) WebISO ServerThe Andrew WebISO service (maintained by Computing Services) is used by many other SCS services (Corvid LDAP lookup, Kerberos Instance management) and CMU/Andrew services (Oracle, MyAndrew, Andrew Webmail, etc).
The page shows the Carnegie Mellon title, identifying itself as being the Andrew WebISO service. You can also see the prompts for User ID, Password and a drop-down field for the authentication realm.
Since the Andrew WebISO service is used by many different organizations, you must be careful to use the correct authentication information. If, for example, you are connecting to the CMU Oracle service, it will require you to use your Andrew User ID and password. In this case, you should leave the "ANDREW.CMU.EDU" realm selected when you enter your User ID and password information.
If, on the other hand, you are connecting to a SCS service, such as the Mailman mailing list administrative page, the Corvid lookup page, or another SCS service, you should select "CS.CMU.EDU" from the realm dropdown box, and use your SCS User ID and password information.
Common ProblemsIf you have logged in through the Andrew WebISO service using one set of credentials (your Andrew User ID, for example) and try using another web service that needs a different set of credentials, your access may be denied or fail silently.
As an example, say that you need to access the campus Oracle web pages. This access requires your Andrew credentials, which you provide and then have access to the web service.
Later in the day, you decide to access the SCS Corvid Attributes Lookup web page. This page normally requires your SCS login credentials, but since you are already WebISO authenticated, you are not prompted to log in. Instead, when you try to use the web service to access your Corvid attributes, either the search fails, or you cannot access functions to change your attributes.
In this case, you must completely exit your web browser to clear all of your WebISO cached credentials. Then, when you try to access the SCS web service, you will be prompted to enter your identification and it will proceed correctly to the web service.