If you want to restrict your website to the USC community, Shibboleth is the recommended method. Shibboleth is a tool that allows members of a particular community to sign in once, and then access other resources without having to sign in again. In other words, Shibboleth allows for "single sign-on" (SSO). You can think of this as "logging into USC" (using your ITS username and password) and then having access to USC resources from there.
For advanced users, web developers, and system administrators, Shibboleth also allows you to restrict web content to a particular group of users. Shibboleth also supports internal, inter-department and inter-institution authorization without ever exposing identifying information (unless desired).
Note that ITS has replaced Pubcookie with Shibboleth and no new deployments of Pubcookie are planned.
On Shibboleth-enabled ITS Servers
If you are on a Shibboleth-enabled ITS server like www.usc.edu, you can protect any directory with a .htaccess file. Simply add:
require affiliation ~ ^.+@usc.edu$
You are now using Shibboleth to protect your webpages and only the USC community has access.
If you want to limit access to a specific group of users, you can replace the 'valid-user' term with a list of usc usernames, e.g.,
and can omit the line 'require affiliation ~ ^.+@usc.edu$'.
require user ttrojan jdoe jsmith
On ITS-Controlled servers without Shibboleth
If you suspect shibboleth isn't installed on your server (i.e. the above doesn't work), please request a shibboleth installation by emailing firstname.lastname@example.org.
On non-ITS-Controlled servers
One of Shibboleth's biggest advantages is that it allows non-ITS servers to securely authenticate users via ITS. Departments or organizations wishing to use shibboleth to protect resources on non-ITS machines should email email@example.com.
December 14, 2010