Standardisation of host names of the login server (SSO) at login.tu-darmstadt.de

As a user of the SSO, you do not have to do anything, this message is for your information only.
If you are the operator of a system connected via the CAS protocol, please read the message carefully.

When merging the old internal and external SSO servers, the new hostname login.tu-darmstadt.de was introduced.
The old hostnames sso.tu-darmstadt.de and idp.hrz.tu-darmstadt.de are still available.
Due to the increased number of phishing attacks recently, these old hostnames will be gradually taken out of service over the next few weeks in order to simplify communication.

On 21.06.2023, a redirection will be switched so that all login processes will be redirected to the new host name. Also, the endpoint URLs in the metadata [1] will be changed to the new host name.
Therefore, from this point on, no login requests from users should arrive on the old host name.
In the following weeks, we will monitor which systems continue to send requests to the old host names. In these cases, the responsible persons will be contacted directly.
It is planned that the old host names will be deactivated by 13.07.2023 at the latest.

• As the operator of a system connected via the CAS protocol, please check whether you are using login.tu-darmstadt.de as the base URL for the login.
• As the operator of a system connected via the SAML protocol, please check whether you regularly update the metadata from the URL [1]. If you work with local metadata copies, you have to adjust the endpoints accordingly. The EntityID of the Identity Provider remains the same.

Current configuration information can be found under [2]. Necessary adjustments can also be made before the changeover.

If you have any questions, please send an e-mail to idmadmin@hrz.tu-…

[1] https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-local-312-metadata.xml

[2] https://www.hrz.tu-darmstadt.de/services/it_services/tu_id/sso_1/anbindung/index.de.jsp