WIND Authentication

As of November 1, 2016, WIND authentication is no longer supported.

Beginning in July 2014, CUIT asked web application developers to use CAS rather than WIND for web authentication. Please see the documentation for CAS clients for further information.

This documentation provided for historical purposes only.

WIND is the recommended authentication method to use if you are developing a web application that will run on a server other than Columbia's central secure server.

If all of these are true:

  • You are developing a web application (using PHP, Java, ASP, etc...).
  • You are not using a CUIT managed server.
  • You have a need to authenticate members of the Columbia community.

then WIND is likely to meet your needs.

WIND allows web application developers to confirm a visitor's affiliation with Columbia without ever directly requesting a Columbia password. In order to authenticate, the visitor is redirected to Columbia's central secure web server.

You should give strong consideration to using SSL (https) and not plain http for any web application which uses WIND. Besides enhancing data privacy, SSL greatly improves the security of user sessions which your web application might maintain via cookies or URL rewriting.