Skip to main content

About CUWebLogin

CUWebLogin allows you to access restricted web pages. It does this by presenting you with a secure web form that asks you for your NetID, GuestID, or WCMC CWID and associated password.

Most CIT-affiliated web sites that require authentication support the use of CUWebLogin. Web sites maintained by other departments frequently do, but it is possible that you may have to authenticate in another way. If you have questions about how to sign in to a web site that is not maintained by CIT, check with the department that runs it.

After logging in, you will be able to access multiple sites that support CUWebLogin without needing to type in your ID and password at each site. Remember that you have authentication credentials which someone else could use if you walk away from your computer. 

When you're done using web sites that require Cornell authentication, clear your credentials by closing ALL your browser windows and exiting your browser.

How CUWebLogin works

Understanding the sequence of events that occurs when you use CUWebLogin will help you to use it successfully. Here is what happens:

  1. Using your web browser, you request a restricted web page on a web server that is running CIT's CUWebAuth software. (See below for more information about CUWebAuth.)
  2. The web server redirects your browser to the CUWebLogin server to have you authenticate.
  3. You enter your NetID, GuestID, or WCMC CWID and password into the form on the CUWebLogin page, which is encrypted using SSL.
  4. If your password is correct, two things happen. CUWebLogin sends your credentials to the web site you are accessing (it does this through the redirect URL) and it stores a small data file, commonly referred to as a cookie, on your computer. The cookie indicates to other sites you go to later that you have authenticated so you don't have re-log in. This is convenient, but it also means that it is important to clear the cookie by exiting or quitting the browser when you are done. Otherwise, someone else could use your credentials to access restricted sites.
  5. The CUWebLogin server redirects you to the original page that you requested.
  6. The web server confirms that you have authenticated successfully and gives you the restricted web page.
  7. How long your session lasts depends on how the site is set up and is usually related to how sensitive the information on the site is. Resources or services that permit access to sensitive information will prompt more frequently. As noted in 4, above, most sites will accept credentials established at a login for a previous site, in which case, you would not have to re-type your ID and password to get access.

About CUWebAuth

CUWebAuth is software that allows web-based applications to integrate with Cornell's central authentication and authorization systems, currently based on Kerberos and Active Directory groups.

More information about CUWebAuth.