The following instructions apply to using Websec to authenticate for web applications. Websec was retired in December 2009 and replaced by a new authentication system, Penn Weblogin.

Using the Websec Module to Create PennKey authenticated Web Applications


The Websec module has been developed so that application providers may easily create PennKey authenticated web applications. By using the Websec module, these applications will only allow access if the user has successfully identified him/herself by entering a correct PennKey and Password combination. Once the user has been identified to the service, the application may perform its own means of authorization to determine if it should grant access to the user.

Using the Websec approach, an application passes a user to ISC's PennKey authentication webserver. Once authentication has taken place on ISC's webserver, a token is passed back to the application provider's webserver, where the remainder of the application control will take place. Using the example client provided in the Websec distribution, the application then verifies the validity of the user by querying the Websec database for information about that token. If the token is valid, the application can be certain that the user has successfully PennKey authenticated himself/herself. The application may then continue to use the Websec token mechanism to check the user's validity on each page of the application. Alternatively, the application may wish to use its own mechanism to maintain state. Once the application is done with the Websec token, it must explicitly expire (remove) it from the Websec module's token database.
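The token lifecycle described above, modelled as an added example; it is not code from the Websec distribution. The class and function names, the digest-only storage and the `MAX_TOKEN_AGE` ceiling are assumptions for illustration, since the real Websec client API is not shown on this page.

```python
import hashlib
import secrets
import time

MAX_TOKEN_AGE = 8 * 60 * 60  # assumed ceiling in seconds; not a Websec value


class TokenStore:
    """In-memory stand-in for the Websec token database (hypothetical)."""

    def __init__(self, clock=time.time):
        self._rows = {}      # sha256(token) -> (pennkey, issued_at)
        self._clock = clock

    @staticmethod
    def _key(token):
        # Store only a digest so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, pennkey):
        """Authentication-server side: called only after a correct login."""
        token = secrets.token_urlsafe(32)
        self._rows[self._key(token)] = (pennkey, self._clock())
        return token

    def lookup(self, token):
        """Application side: return the PennKey for a valid token, else None."""
        row = self._rows.get(self._key(token or ""))
        if row is None:
            return None
        pennkey, issued_at = row
        if self._clock() - issued_at > MAX_TOKEN_AGE:
            self.expire(token)   # stale token: remove it rather than leave it
            return None
        return pennkey

    def expire(self, token):
        """Application side: explicit removal once the token is no longer needed."""
        return self._rows.pop(self._key(token or ""), None) is not None


def handle_page(store, token):
    """Per-page check: serve content only when the token is still valid."""
    pennkey = store.lookup(token)
    if pennkey is None:
        return "302 redirect to PennKey login"
    return f"200 page for {pennkey}"
```

Calling `expire` at logout is the step the paragraph marks as mandatory: until it runs, a copied token still passes `handle_page`.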

At a minimum, developers using the Websec module are expected to have experience maintaining a webserver and developing web applications using CGI. Information on CGI, the Common Gateway Interface, is available from NCSA's home page.

Steps for Creating a PennKey authenticated web application

  1. Understand the Websec module's flow of control.
  2. Register your application with ISC. PennKey authentication required. Please be prepared to supply three security passwords for your application.
  3. Download the Websec client. You must be authorized to download the Websec client and must send mail to to get authorization.
  4. Develop your application using the Websec client.

Using PennKey authorization in web applications

While Websec can authenticate a user, an application may have a further need to determine if that user is then authorized to continue in the application. ISC has written generic utilities to provide basic authorization to select subsets of Penn Community members. The logic within the utilities can be used to authorize students; faculty and staff; or students, faculty and staff. More information on these utilities is available. Access to Penn Community and the underlying table structure is necessary to implement these utilities.

Note: Additional steps are required if you wish to use your own, customized authentication and login pages. We only provide limited support for this option. Additional steps and skills are also required to use the Penn Community authorization utilities, which are supported by ISC AIT/Data Administration.

Information Systems and Computing
University of Pennsylvania