BUTUnifiedauthentication
infrastructure

New login

During the summer of 2024, the BUT information system VUTIS and other systems will get a new look of login dialogs. Although from the user's point of view it will be a change in the graphical form of the login dialogs, in reality it is an important technological step implemented within the CIS project of the BUT unified authentication infrastructure.


How will the changes affect you?

Although this is a technically and organizationally demanding matter, the entire process of transition of individual systems is designed so that the impact on users is as minimal as possible. In fact, the only observable change will be the gradual replacement of login dialogs for individual systems and applications. In the new environment, we have prepared for users the option of changing the color mode. You can change the mode by clicking the moon/sun icon in the upper right corner.

The key changes are concentrated in the off-semester period, when individual applications will be transferred to the unified BUT authentication infrastructure. The schedule of individual systems connection is shown below.

You can test the login dialog in advance at the address https://id.vut.cz/



Frequently asked questions concerning login change

  • What is the BUT unified authentication infrastructure?

    This is a service that enables single and secure login (Single Sign-On) to all BUT systems and applications operated both directly on the BUT premises and to external systems. This means that users do not have to repeatedly enter login data (BUT login and password) into these systems.

  • Why are login changes necessary?

    The current system of logging into individual applications was created more than ten years ago and, due to its monolithic architecture, currently represents an obstacle in the development of other VUTIS modules. It also limits the implementation of other security elements, such as multi-factor authentication, authentication via hardware security keys or the BUT mobile application. The transition to the new unified authentication infrastructure is a necessary technological step that conditions the further development of VUTIS and other related systems.

  • Why does the new login dialog look different from the original one, couldn't it be preserved?

    In the future, the new authentication infrastructure provides for modern authentication methods, such as hardware keys, authentication via a mobile application or the use of biometric data. For that reason, it was already necessary at this stage to prepare the login dialogs in such a way that they would accommodate these new login methods in the future.

  • Will the change also apply to logging into IS Apollo?

    Yes. Considering the scope of the change, the implementation will be divided into two phases. In the first phase, the option to log in using the existing method will be maintained, the login dialog will be supplemented with an alternative option to log in via the BUT unified authentication infrastructure. The new login will be required if a different authentication method than just a username and password is set for user login.

  • Will the change also apply to logging into the My BUT mobile application?

    Yes, sign-in changes will affect all apps over time, including mobile apps. We will provide more detailed information on the changes to the mobile app login during June as part of the transition schedule below.

Schedule of the transition period

  • May 2024

    • Test operation of the new authentication service interface
    • Connection of the NETIS network management system
    • Connection of CIS wiki, doc.vut.cz
    • Making the application available for user account management https://id.vut.cz

  • June 2024

    • Connection of the travel orders application
    • BUT slides
    • BUT web API (vut.cz/api)

  • July - August 2024

    • Decline of the BUT disk service web interface
    • File service connection
    • SAP Fiori connection
    • EduID connection
    • E-Application connection
    • Teacher connection
    • Moodle connection
    • Studis connection
    • Intraportal connection
    • G-Suite connection
    • Alternative login in the Apollo system

  • September 2024

    • Microsoft 365 connection

Next steps

The next steps are the subject of the BUT unified authentication infrastructure project, but at the moment they do not yet have a detailed schedule for implementation.

  • An experimental environment for multi-factor authentication.
  • Experimental environment for passwordless login.
  • Support login via mobile app.
  • Dropping native login support in Apollo.
  • Support for logging into the Active Directory domain with the @vut.cz identity
  • Revision of the processes related to the transfer of initial passwords
  • Connecting the authentication service to bank identity systems and, where applicable, citizen identity.

Information for programmers, developers and application administrators

Technically, the BUT authentication infrastructure is implemented above the standard OpenID Connect/OAuth 2.0. If it is impossible to use the OpenID Connect/OAuth standard, it is possible to use the protocol as an alternative SAML 2.

OpenID Connect/OAuth2 - configuration data
Configuration data is available at

https://id.vut.cz/auth/.well-known/openid-configuration

We strongly recommend implementing dynamic loading of endpoint addresses for OIDC/OAuth2 (for custom implementations) from metadata and automatic download of public keys when using ID Token from OIDC

Application preparation
CIS has prepared a sample PHP client (SP) to simplify the connection of PHP applications to the authentication service. 

Application connection
Application must be requested through the helpdesk system. The request must be approved by the faculty system integrator.

Alternative use of SAML 2
All data is available in the metadata file.

To connect a service (SP) via the SAML 2 protocol, it is necessary to fill in and approve the service implementation guide according to service catalog.

Nahoru