Web Auth & Accessibility Validation Tools

Wednesday, June 13, 2007

We held elections for the 3 group leadership positions:

  • Chair: Michael Tierney
  • Co-Chair: Cheri Darling
  • Secretary: Tracey Hummel

Web Auth

Gary Windham

Attachment: Central Authentication Service (ppt)

Central Authentication Service (CAS) is the software used for UA's WebAuth. CAS has become the standard for single sign-on at educational institutions.

With WebAuth, web apps don't need to handle passwords. Without it, if one system were compromised, all the systems could be compromised. The protocol relies on HTTP/S and XML, and it authenticates the user without sending the password. CAS prevents illicit proxying of service tickets.

CAS 2.0 provides an “extended” (XML) ticket validation response:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>

<cas:NetID Attribute n>value</cas:NetID Attribute n>

The response contains attributes from the user's NetID directory (LDAP) entry. Attributes such as employeeId or dbKey can be used to make simple authorization decisions, or as keys into external data sources (e.g., UIS).

PHP5 Code Example:

<?php
define("CAS_BASE", "https://webauth.arizona.edu");
define("CAS_LOGIN_URI", "/webauth/login");
define("CAS_VALIDATE_URI", "/webauth/serviceValidate");

$host = $_SERVER["SERVER_NAME"];
$port = $_SERVER["SERVER_PORT"];
$uri = $_SERVER["PHP_SELF"];

$proto = "http" . ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "s" : "") . "://";
$service = $proto . $host . ":" . $port . $uri;

// rebuild 'service' parameter with querystring intact; the 'ticket'
// parameter appended by CAS is left out so the service URL matches
// the one that was sent to the login page
$get = null;
foreach ($_GET as $k => $v) {
    if ($k != 'ticket' && !is_array($v)) $get .= '&' . urlencode($k) . '=' . urlencode($v);
}
$get = substr((string) $get, 1);

if (!isset($_REQUEST['ticket'])) {
    // redirect to CAS login page
    header("Location: " . CAS_BASE . CAS_LOGIN_URI . "?service=" .
        urlencode($service . (!empty($get) ? "?$get" : "")));
    exit;
}
else {
    $serviceTicket = $_REQUEST["ticket"]; // ST

    // construct validation URL (the ticket is user input, so encode it)
    $url = CAS_BASE . CAS_VALIDATE_URI . "?service=" . urlencode($service . (!empty($get) ? "?$get" : "")) . "&ticket=" . urlencode($serviceTicket);

    $response = @file_get_contents($url); // validate service ticket

    // parse result of validation; treat a failed fetch or bad XML as a failure
    $xml = ($response !== false) ? simplexml_load_string($response) : false;
    if ($xml === false)
        echo 'CAS ticket validation request failed!';
    else {
        $nodes = $xml->children('http://www.yale.edu/tp/cas');
        if ($nodes->authenticationFailure)
            echo 'CAS Authentication Failed!<br>Error = ' . htmlspecialchars((string) $nodes->authenticationFailure);
        else {
            // cas:user is the standard CAS 2.0 element carrying the username
            echo 'CAS Authentication Succeeded!<br>User=' . htmlspecialchars((string) $nodes->authenticationSuccess->user);
            echo '<br>UAID=' . htmlspecialchars((string) $nodes->authenticationSuccess->dbkey);
        }
    }
}
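
Added example (not part of the original notes or the presenter's code), in Python: it parses a CAS 2.0 validation response, fails closed on anything unexpected, and makes the kind of simple authorization decision on the dbkey attribute that the notes describe. The sample responses, the attribute values and the function names parse_validation and is_authorized are constructed for illustration; cas:user is the standard CAS 2.0 username element.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace used in the response above

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:dbkey>100200300</cas:dbkey>
    <cas:employeeId>00012345</cas:employeeId>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_validation(body):
    """Return (user, attributes) on success, otherwise None (fail closed)."""
    if not body or "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # failed fetch, or DTD content a CAS response never needs
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "{%s}serviceResponse" % CAS_NS:
        return None  # wrong root element or wrong namespace
    success = root.find("{%s}authenticationSuccess" % CAS_NS)
    failure = root.find("{%s}authenticationFailure" % CAS_NS)
    if success is None or failure is not None:
        return None
    attrs = {}
    for child in success:
        # Only accept elements in the CAS namespace; strip the namespace prefix.
        if child.tag.startswith("{%s}" % CAS_NS):
            attrs[child.tag.split("}", 1)[1]] = (child.text or "").strip()
    user = attrs.pop("user", "")
    return (user, attrs) if user else None


def is_authorized(body, allowed_dbkeys):
    """Allow-list decision keyed on the dbkey attribute of a validated user."""
    result = parse_validation(body)
    return result is not None and result[1].get("dbkey") in allowed_dbkeys
```
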

* UA NetID Application Programmer's Guide (pdf)
* JA-SIG CAS Homepage
* NetID/WebAuth support listserv: netid-admin@listserv.arizona.edu
* Request WebAuth ticket validation access


Website Validation Tools

Dawn Hunziker
Disability Resource Center
Accessibility Resources Website

  • There are new W3C standards: the Web Content Accessibility Guidelines are moving from version 1 to 2. The new standards are a response to new technology. Developers are trying to include the new standards in their software.
  • WAVE is nice for graphic designers because it provides a very graphical results page. WAVE 4.0 will be released soon. You can install a toolbar, which allows you to click through your site to check multiple pages.
  • Internet Explorer also provides a toolbar, the AIS Accessibility Toolbar, available from WebAIM > Resources > AIS Accessibility Toolbar.
  • UA provides site-licensed AcVerify software for Windows. Contact Dawn for the URL to download the software for Windows.
  • Dawn will also run a report for you, or you can install it yourself.
  • Q: What if the page requires authentication? AcVerify will allow you to check that it requires auth and gives you a screen to add the auth information.
  • You can set it to crawl just your website and ignore external links, or have it check just one portion of a website. It allows you to set your priorities: W3C or 508. Dawn will set up a workshop to go through this.
  • Dawn will provide a general accessibility workshop on July 10th.
  • Q: How accessible is the UA? Up to 40% from 20% a few years ago, but that is just checking alt and title tags. Validation tools do not check usability features or colors. Vischeck checks for color contrast.
  • Q: How does it work with AJAX? Firefox has a tool you can install as a toolbar that can check. If the validation does not check it, Dawn will view the site using a speech reader.
  • PDF files: you need to create PDFs in the correct way in order for them to be accessible. Use the drop-down to "convert to PDF" rather than going to File > "print to PDF", which will create an inaccessible graphic. In order to make a PDF form accessible, you need to use Adobe Professional. Dawn can create an accessible PDF form for you if you do not have the Professional version. Image-only PDFs are not accessible.
  • Q: If you have PDFs that were created the wrong way, can you resave them? You would need to go back to the original to correct it. If you have a bunch of PDF files that are not accessible, provide contact information so someone can contact you for an alternative format.