Lafayette Federates Ticketing Function with UniversityTickets

Lafayette Provides Students With SSO Ticketing Convenience.

September 2009

Solution Summary

Lafayette College used its existing university-issued credentials to integrate with UniversityTickets and provide students with a campus event ticketing service. This arrangement accommodates both the needs of UniversityTickets and the security and privacy concerns of Lafayette.


UniversityTickets provides simple, cost-effective ways for colleges and universities to sell tickets and collect payments online. The company provides comprehensive ticket services, as well as options to improve box office operations, ticket and merchandise sales, and event marketing.

Lafayette College, in Easton, Pennsylvania, enrolls more than 2,300 students in 45 academic fields. The undergraduate-only, academically competitive college was founded in 1826 and has an endowment of about $780 million.

The Problem

Lafayette sought to provide student-only tickets to campus events through an agreement with UniversityTickets. The Dean of Students office worked with the company, but ran up against the challenge of providing user IDs and passwords for all 2,300-plus students.

“I received a call from the dean’s office wanting to know if we could provide access to our LDAP server to authenticate students for this service,” said Bob Bailey, senior applications developer at Lafayette. “As you provide more access to your server, you increase the risk. If someone compromises another system, and you are linked to that system, you are compromised, too. We don’t want our user IDs and passwords going through a third-party website.”

The Solution

Lafayette had already found just the ticket for resolving the user ID and password issue with some of its other resource providers, including library applications and the Moodle course management system. The solution was to federate those applications through InCommon.

With InCommon, individuals can use their university-issued credentials for access to a number of services. Since identity providers do not send actual user IDs and passwords, user privacy is protected. Service providers can leverage an existing identity management system, rather than create a separate user database, simplifying the process for a user and minimizing concerns about security breaches and data spills.

Responding to that phone call from the Dean of Students, Bailey introduced his counterparts at UniversityTickets to the InCommon Federation and to Shibboleth single sign-on and federating software. “They had heard of Shibboleth, but had not tried it,” Bailey said. “They also had an inquiry from another university to do the same thing.”

"UniversityTickets has worked with many higher education clients to implement single sign-on integration with their ticketing systems,” said UniversityTickets Vice President Gordon Capreol. “However, in the past, every SSO integration was a custom approach requiring new development and testing. In addition, previous SSO integrations were mixed in terms of the level of security they provided. We were impressed with InCommon's approach to providing a standardized mechanism for higher education clients to share authentication data in a very secure manner."

The Result

UniversityTickets joined InCommon and installed the Shibboleth service provider software. Now, through the federation, Lafayette verifies student identities. The student, with no unique user credentials to remember, gains immediate and convenient access to student-only benefits for campus athletic, performing arts and other events.

“We are getting more and more protective of IDs and passwords,” Bailey explained. “By using Shibboleth and InCommon, you don’t let any user IDs or passwords outside of your own servers. Once you have this set up, adding additional services is relatively simple.”

"InCommon allows us to accomplish the business needs in the box office while, at the same time, satisfying the security and privacy concerns of our clients,” said Capreol. “Just as important, InCommon provides a consistent, easy to replicate, and easy to maintain system for campus authentication."