Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,

Slides:

Advertisements

Similar presentations

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Advertisements

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

Catherine Metcalf | Dec U.S. Department of Education 2014 FSA Training Conference for Financial Aid Professionals Introducing the FSA ID - The FSA.

Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

1May 2006 – Unit Liaison Meeting Two-Factor Authentication Project MToken Distribution Bill Wrobleski MAIS Joint UL Meeting May 24, 2006.

CUWebAuth Technical Presentation Pete Bosanko Identity Management Team.

Authenticating REST/Mobile clients using LDAP and OERealm

The Dr ü G Book: An Intro to Drupal The Dr ü G Book: An Intro to Drupal (Dr ü G: Drupal User ’ s Group - users, not developers) This is an introduction.

Shibboleth Case Studies: Shibboleth as the Campus Web SSO Albert Wu, UCLA Datta Mahabalagiri, UCLA.

INCOSE.ORG MIGRATION SharePoint 2013 Presented by Betty Morimoto.

CSCI 6962: Server-side Design and Programming

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

The Central Authentication Service (CAS) Shawn Bayern Research programmer, Yale University Author, JSTL in Action, Web Development with JavaServer Pages.

Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.

USCGrid A (Very Quick) Introduction To PubCookie

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

Web Authentication at Iowa Ed Hill Software Developer The University of Iowa.

CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.

A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University.

Authority of Information Technology Application National Center of Digital Signature Authentication Ninh Binh, June 25, 2010.

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,

Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.

Module 11: Securing a Microsoft ASP.NET Web Application.

Shibboleth: An Introduction

Single Sign-On in the Danish Educational Sector Per Thorboll Deputy director UNI-C.

UMBC’s WebAuth Robert Banz – UMBC

Office of Information Technology Help Desk: ECS 020 Phone: Web UMBC Uploading your personal.

Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner.

Authentication at Penn State: The Present State of Affairs and Future Directions James A. Vuccolo, Manager, Software Technologies Group Phil Pishioneri,

Shibboleth: OSU Early Adoption Scenarios Scott Cantor April 10, 2003 Scott Cantor April 10, 2003.

Amber Johnson U.S. Department of Education WVASFAA Fall 2015 Conference October 29, 2015 FSA ID: The FSA PIN Replacement.

ON YOUR TERMS Business needs * Enhanced by upcoming Azure IAAS features GoodBetterBest * * GoodBetterBestGoodBetterBestGoodBetterBestGoodBetterBestGoodBetterBest.

JTC Consulting Group Knowledge Management System Jennifer Leigh Carlos Pena Terry Yong 1.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.

Fundamentals of Web DevelopmentRandy Connolly and Ricardo HoarFundamentals of Web DevelopmentRandy Connolly and Ricardo Hoar Fundamentals of Web DevelopmentRandy.

Configuring and Deploying Web Applications Lesson 7.

For integration with Aptify/Sitefinity

CERN IT Department CH-1211 Genève 23 Switzerland t Single Sign On, Identity and Access management at CERN Alex Lossent Emmanuel Ormancey,

The LemonLDAP::NG project

Munix Bus WiFi Authentication, Log Management, Internet Security, Content Filter & VPN Service Internet Gateway & Business Intelligence

A deep dive into Azure AD B2C

Embracing the New Job Board Module

A National e-Authentication Service

New Developments in Central Directory Service and Account Provisioning Dan Menicucci Enterprise Architect - University of Pittsburgh.

The Student Classlink Dashboard

Azure Active Directory - Business 2 Consumer

Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

BIM 360 Glue Migration to BIM 360 Account Administration (HQ)

Federation made simple

GRS & BuzzAPI IAM Users Group Sept 2016.

Authentication & .htaccess

511NY Rideshare Technical

CAS and Web Single Sign-on at UConn

Welcome to the 20th Anniversary of the IUG

ESA Single Sign On (SSO) and Federated Identity Management

PSC Group, LLc Office 365/SharePoint Online Migration traps and tricks

Dartmouth College Status Report

Getting Started.

Getting Started.

Central Authentication Service

ASP.NET Authentication with Identity Jump Start

BPOS to Office 365 Transition for Existing BPOS Customers

Securing web applications Externally

Getting Started With LastPass Enterprise

Presentation transcript:

Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th, 2009

Who will this affect Today: OIT developers, OIT end users, OIT support staff Followed by: CSR’s, Campus Developers, Support Staff Finally: Almost every GT web user. Office of Information Technology

login.gatech.edu GT branded as login.gatech.edu Standard SSO solution from JA-SIG called CAS (Central Authentication Service) Widely used and documented especially in higher ED Will replace webauth.gatech.edu Office of Information Technology

What is changing? New features or functionality of login.gatech.edu Single Sign On by default: login once for many apps. SSO controls: i.e. force rechecking of password Central logout page for applications to use Application Registration: Reporting, Theme, Additional Attributes per application Complete CAS protocol support Lost features or functionality of webauth.gatech.edu No Bounce API: custom GT API presents security concern Office of Information Technology

Migration Paths Sites moving to login.gatech.edu fall into one of two groups Each site may migrate independent of each other CAS or “old” API –Small configuration change –Similar or same protocols supported by login.gatech.edu –User will see new login site Bounce API –May require some development work –User facing change Office of Information Technology

Site Statistics Monthly usage reports –Shows site API –Show unique users –Shows URL or host name Office of Information Technology Top 3 Sites of 250 total SiteLoginsUsersAPI mail.gatech.edu Bounce t-square.gatech.edu CAS

User Experience Application page with login button –t-square Redirect through login.gatech.edu if no application session. –User sees login.gatech.edu and logs in if no SSO session –Login is authenticated with no intermediate page if SSO session exists Default behavior, user or application can override –Application or Web server can implement Office of Information Technology

How To’s: –As an apache module, replacement for basic auth –With php code or module –As an IIS plugin –As a java filter: tomcat, j2ee apps, etc. –Lots more! Office of Information Technology

The logout dilemma Office of Information Technology

Office of Information Technology Today login.gatech.edu is available for early adopters Milestones Timelines Sunset webauth 2010 Dashboard/Wrapup

Office of Information Technology News & Questions Passport Upgrade 5/16/2009 –Password expiration extended from 90 to 120 days –Employees can and should set published via passport –Regular confirmation of GTENS and published –GtAccount! No more AD vs Kerberos –Cleanup of hints and buzzcard Brown bag with CoC this summer –Replace your NIS infrastructure with GTED –Use GRS to manage roles and authorizations