How-to: Use Case’s Single Sign-On (SSO) service to track visitors to your website
All Posts, How-To's October 25th, 2006Premise
Case incorporates the JA-SIG Single Sign-On service as a way to offer convenient, cross-service authentication on services like the Case wiki, blog, and Blackboard. The basic idea is that a user connects to a service (let’s say blackboard.case.edu), which in turn forwards them to the login.case.edu SSO service. The SSO service issues the user a ticket for that service. On consecutive connections to blackboard.case.edu, the server checks the ticket submitted by the user against the SSO service to see if the user is still logged in. If yes, the session continues. If not, they are requested to log in.
Tracking Visitors
The SSO service provides a ‘user look-up function’ that allows web developers to take user-submitted tickets and see what Network IDs are registered to them. This is how Blackboard knows that you are abc123 when you log in. This also allows web developers the opportunity to track website visitors, even if their site doesn’t require authentication for anything. I set up a demo page here. You can click on the link at the bottom to see the other Network IDs I’ve recorded.
So What?
This feature allows visitors of the site to be tracked and targeted for advertising. Anyone with a computer on the Case network can use the SSO service to track visitors to their website. It would not be a stretch for people to use this information, combined with LDAP to match Network IDs to real names and the IP Subnet lookup page, to determine who accessed their site, and from where. Based on this information, you could determine plenty about your users and how they’re using your site. A simple JavaScript snippet could call the X and Y coordinates of the user’s mouse and asynchronously send them back to the server. Later, those coordinates could be played back to see the user’s mouse movements and gestures. Do some people highlight the text on your page with their cursor? Maybe that’s because your shoddy CSS makes the text look indistinguishable from the background.
By being smart about user tracking, you can glean a lot of information about your site’s visitors.
Popularity: 14% [?]
October 27th, 2006 at 3:59 pm
Thats pretty interesting, I remember in one class there was an individual take home test posted on blackboard. The professor kept track of who did not log in with a case id but still submitted in answers. I guess such tracking can be used for any purposes, from advertising information to surfing habits. Did you notice how I messed up the security code because it was hard to read?
October 27th, 2006 at 7:10 pm
I set up the demo page just to demonstrate the possibility of using SSO to track users, but I don’t actually employ it on my site. The reason for this is because some time login.case.edu is really slow, which would cause my site to slow down too. I’ve been considering changing the settings on the security code, to make it a little easier to read. I think I can make it less blurry, which should help. Thanks for you comment!