Authenticating on the www.wsu.edu
using the Network ID

If you have an account on wsunix, you can authenticate your www.wsu.edu web pages using the unique Washington State University Network IDs (NIDs). You can do this by incorporating a collection of perl macros called wsumacs into your perl cgi scripts.
NOTE: Only faculty, staff, departments and student organizations are allowed to use this authentication facility. To register your script name to use authentication, go to registration.
Take as an example the html script "authenticate.html'', which looks like this:

<html><head></head><body>
<form method="POST" action="authenticate.cgi">
Please enter private information below and press "OK".

<center><table border=5 cellpadding=5 align=center>
<tr><td>
<input type="text" name=private_info size=18 maxlength=90>
</td></tr></table></p>
<input type="submit" value="OK">
<input type="reset" value="RESET">
</center></form></body></html>

Which creates a page that looks like this:


The information they enter in the box will be sent encrypted to your cgi script. This keeps the information private, nobody on the internet can view it.

When the person viewing your page clicks on the "OK" button, they will execute the script you have indicated. In the above example, the script is "authenticate.cgi". As simply written as possible, this script would look like:

#!/usr/local/bin/perl
# authenticate.cgi
#
require "/cgi-bin/wsumacs.pl";

&INIT_Script;

&print_header("CGI test using authentication");

print CLIENT "The Network ID $netid is sending $FORM{private_info}<p> ";

&close_client;
exit;

The perl macro that does the authentication is &INIT_Script . If they are not yet authenticated (i.e. if they have not yet entered their NID and password) then they will get this authentication screen:

After they enter their NID and password, the script "authenticate.cgi" is run a second time and it will send the output back to the client's browser looking like:


You can try this out yourself by going to

http://www.wsu.edu/examples/authenticate.html

After being authenticated, you will see that the URL begins with " https " instead of the normal " http " . The extra " s " in " https " tells the web server to use an encrypted communication between your browser and the web server. You know this is working correctly if there is an unbroken key at the bottom of your browser that looks like:

This process supports most browsers (Netscape and Microsoft Internet Explorer). If you are using a browser other than these, you might get an error message, depending on whether your browser handles cookies and SSL v3 for encryption.

Logging Out

You should provide a mechanism for the person using your pages to be able to "logout" of your page and return to another page. This is a way you can destroy their kerberos ticket for them. You do this by calling the Logout.cgi script on www.wsu.edu. For example, if you wanted them to logout of your authenticated page and to go to the WSU home page you would say:

Press 
<A HREF=/cgi-bin/Logout.cgi?script=http://www.wsu.edu/> 
here to logout and go to the home page.</A>

That assumes your script already resides on www.wsu.edu. If the script resides on your own server, then you need to add the host name to the href:

Press 
<A HREF=http://www.wsu.edu/cgi-bin/Logout.cgi?script=http://www.wsu.edu/> 
here to logout and go to the home page.</A>