Developer Guide

Using Columbia Design System

Check here often for step-by-step instructions on getting the most out of this system. The guide provides handy references to University branding and security guidelines as well as information on accessibility, usability, and domain names and other helpful advice. Start with the items below:

1. Request access to the University code standards
    
2. Review the brand guide
    
3. Familiarize yourself with the usability guidelines
    
4. Plan to meet the accessibility standard
    
5. Learn about the process of applying for a columbia.edu domain
    
6. Check out the release notes to catch up on the latest
    
7. Ask for help if you get stuck
    
8. Give back by contributing code or designs
    

There are several options for integrating Columbia Design System into your project:

1. Check browser compatibility
    
2. Read the JavaScript documentation
    
3. Plan for single sign-on
    
4. Understand the security requirement

Browser Compatibility

Columbia Design System supports the latest two versions of these browsers:

• Google Chrome
   
• Mozilla FireFox
   
• macOS Safari
   
• iOS Safari
   
• Microsoft Edge

JavaScript Documentation

Columbia Design System is based on Bootstrap version 4.6. Please follow the Bootstrap documentation for incorporating JavaScript plugins.

Single Sign-on at Columbia

Columbia uses CAS and Shibboleth to provide UNI-based authentication and single sign-on for applications that run in a web browser. These services also give applications access to a limited portion of the user’s role and demographic information from the University LDAP service to assist applications in account creation, customization, and authorization. Authentication involves verifying a user’s identity, while authorization involves deciding what resources a user may access.

Shibboleth and CAS support different authentication protocols. Shibboleth is Columbia’s SAML 2.0 provider and is often described as an “identity provider” or “IdP.” If your application requires SAML 2.0, it should use Shibboleth. Otherwise, CAS is recommended since it is simpler and generally easier to set up. Both are widely supported within higher education.

The first step in setting up authentication for your application is creating a ServiceNow request for CAS or Shibboleth. Not sure which service is appropriate? Request CAS and your request will be transferred to Shibboleth if necessary.

Web Application Security

CUIT's Office of the Chief Information Security Officer advises on best coding practices and conducts application code scanning. The team also offers review and consultation on application change management practices.