The HKUST Central Authentication Service (CAS) single sign-on solution has been designed to provide secure access to web applications using your HKUST Account. The system employed is the JA-SIG Central Authentication Service package.
Benefits of Single Sign-on
This is a session/user authentication process that allows you to provide your credentials only once during a session and then access all the applications you are authorized to enter. Web single sign-on works strictly with applications accessed through a web browser. The request to access a web resource is intercepted either by a component in the web server or by the application itself. Unauthenticated users are diverted to an authentication page and are given access only after successful authentication.
Several HKUST services already use CAS for authentication and more are on the way. One example is the Print Budget Purchase service.
Latest Upgrade
In 2012, ITSO upgraded the CAS server to the 3.4 release. This version offers:
- The standardized SAML 1.1 protocol primarily to support attribute release to clients. An example of a CAS request/response for a successful ticket validation can be found in the JA-SIG wiki on SAML 1.1 Support.
- Better support for browsers such as Chrome and Safari on Windows and Mac OS X platforms.
- Improved robustness, as the CAS server now runs in a high-availability cluster.
Note the new login page and read the updated FAQ section on using the server.
How to Deploy CAS
If your department would like to use CAS for its web applications, you will need to write a small amount of custom code to handle the required authentication: redirecting unauthenticated users to the CAS login page and validating the ticket that CAS returns. Refer to CAS URLs and Client Libraries for details.
NB: CAS authenticates any valid HKUST Account. It does not provide any access control; it is up to your application to determine which authenticated users are authorized (allowed/disallowed) to access your system.
Security Practices
Check URL before login
Before entering your account name and password into the CAS login form, always check the address bar and make sure the page's address begins with https://cas.ust.hk/cas/ (note the https and the exact host name). This prevents you from being scammed into supplying your account name and password to a look-alike fake page hosted on a similar-looking address.
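For departments wiring an application to CAS (see How to Deploy CAS above) and as a concrete form of the address check just described, the following is an added example of a minimal CAS 2.0 client flow. It is not ITSO's code nor a JA-SIG client library. It assumes the standard CAS endpoints /cas/login and /cas/serviceValidate beneath the https://cas.ust.hk/cas/ base URL given on this page, a hypothetical application callback URL, and XML responses constructed in CAS 2.0 format rather than captured from the real server. It also shows the application-side authorization step that CAS itself does not perform.

```python
# Added example (not ITSO's or the JA-SIG project's code): a minimal CAS 2.0
# client flow for a web application, plus the application's own access control.
# Assumptions: the server exposes the standard /cas/login and /cas/serviceValidate
# endpoints beneath https://cas.ust.hk/cas/; the callback URL is hypothetical;
# the XML responses are constructed in CAS 2.0 format, not real server output.
from urllib.parse import urlencode, urlsplit
import xml.etree.ElementTree as ET

CAS_BASE = "https://cas.ust.hk/cas"               # base URL given on this page
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}     # namespace of CAS 2.0 responses


def is_genuine_cas_url(url: str) -> bool:
    """The 'check URL before login' rule as code: HTTPS, exact host, /cas/ path.
    Rejects look-alikes such as cas.ust.hk.example.com, cas-ust.hk, or a
    user@host trick where the real host hides after an '@'."""
    p = urlsplit(url)
    return p.scheme == "https" and p.hostname == "cas.ust.hk" and p.path.startswith("/cas/")


def login_url(service: str) -> str:
    """Step 1: an unauthenticated browser is redirected here. After a successful
    login CAS sends it back to `service` with ?ticket=ST-... appended."""
    return f"{CAS_BASE}/login?{urlencode({'service': service})}"


def validate_url(service: str, ticket: str) -> str:
    """Step 2: the application (server side, not the browser) asks CAS whether
    the ticket is good. `service` must be byte-for-byte the value used in step 1,
    otherwise CAS rejects the ticket."""
    if not ticket.startswith("ST-"):
        raise ValueError("not a CAS service ticket")
    return f"{CAS_BASE}/serviceValidate?{urlencode({'service': service, 'ticket': ticket})}"


def parse_validation(xml_text: str):
    """Return the authenticated username from a serviceValidate response,
    or None if CAS reported a failure (bad, expired or already-used ticket)."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()


def handle_callback(service, ticket, fetch, allowed_users):
    """Step 3: tie the flow together and apply the application's OWN access
    control. CAS authenticates every valid HKUST Account, so a successful
    validation says who the user is, not whether they may use this system.
    `fetch` is a callable url -> response body, injected so this runs offline."""
    try:
        body = fetch(validate_url(service, ticket))
    except ValueError as exc:
        return False, str(exc)
    user = parse_validation(body)
    if user is None:
        return False, "ticket rejected by CAS"
    if user not in allowed_users:          # authenticated, but not authorized here
        return False, f"{user} is not permitted to use this application"
    return True, user


# Constructed responses in CAS 2.0 format (not real server output).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def fake_cas(url: str) -> str:
    """Stand-in for the HTTPS call to CAS: only one ticket is treated as valid."""
    return SUCCESS_XML if "ticket=ST-good" in url else FAILURE_XML


if __name__ == "__main__":
    svc = "https://app.example.edu/callback"   # hypothetical application URL
    print(login_url(svc))
    print(handle_callback(svc, "ST-good", fake_cas, {"alice"}))
    print(handle_callback(svc, "ST-good", fake_cas, {"bob"}))
    print(handle_callback(svc, "ST-stale", fake_cas, {"alice"}))
```

In a real deployment the `fetch` argument is an HTTPS GET to the validate URL with certificate verification on; the example keeps that call out so the flow can be exercised without network access. The allow-list passed to handle_callback stands in for whatever authorization data your application keeps, which is the part CAS leaves to you.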
Remember to logout
Don’t forget to logout or close all your web browser windows when you finish using services requiring authentication. Completely shutting down your browser by closing all windows is the safest way to ensure you have logged out of all areas.
NB: To prevent unauthorized access, the system will automatically "time out" after two hours of idle time. You will need to log in again after CAS has timed out.