Club websites can be integrated into RPI’s SSO environment. We recommend using Shibboleth SP, which integrates into Apache, for best results, but we can also support SAML2 libraries that are being actively developed or are part of an application.
A website owner's contact information must be included in the request and needs to be maintained and attested to every 6 months. If site administration is handed off to someone else, a ticket needs to be submitted to update the registration. Registration may be confirmed via an email, and if the site is not attested to, the integration will be revoked. If the site goes dormant for more than a year, whether in terms of authentications, content on the site that is not updated, etc., we reserve the right to remove the SSO integration.
The site needs HTTPS set up with a valid certificate. The site needs a score of B+ or better from SSL Labs: https://www.ssllabs.com/ssltest/
For sites based on WordPress, RPI has a baseline set of requirements to maintain integration with the SSO environment:
- Auto-updates for WordPress, themes, and plugins need to be enabled.
- Wordfence should be installed.
- A security group will perform routine vulnerability scans against the site.
- Issues found in scans need to be addressed within the time frame allotted for a vulnerability with a firewall exception as outlined in section 3.2 of the Vulnerability Management Policy.
- The Vulnerability Management Policy can be found here: https://policy.rpi.edu/policy/IT_Vulnerability_Management_Policy