FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University

The Problems (2003)
• Individuals have to remember too many different names and passwords to access our systems; accounts were created on different web pages
• With the new PeopleSoft ERP, we wanted to avoid yet another username and password
• We have too many LDAP directories, with almost the same information in each (need to consolidate!)
• Many of our systems (electronic and in-person) still rely on asking an individual for their Social Security Number as a method of authentication

The SSN Problem
• SSN is used as a method for authenticating students and employees via web and in-person challenges
• Mandates to protect and hide the SSN abound
• The SSN is still required for certain business processes (HR, external identity of students to the Feds, etc.)

The Proposal (2003)
• This proposal is an attempt to combine identity terms and solve the SSN/multiple-identity problem
• Proposal:
  – FSUID = new public “login name”/password
  – FSUSN = new “SSN-like” private number
  – A combined directory will manage this information

The Identity Problem
• C.A.R.S. (“ldap1”)
  – All students, faculty and staff, plus visitors
  – Tied into automated systems on campus, such as FSUCard, HRMS, etc.
  – Used for authorizing the “garnet/mailer” servers and the dialup service
  – Blackboard authentication

The Identity Problem
• O.P.S. (Secure Login; “ldap2”)
  – All students, faculty and staff, plus visitors
  – Tied into automated systems on campus, such as FSUCard, HRMS, etc.
  – Used for authorizing many administrative applications (many, but not all, of which were replaced by PeopleSoft functionality)

The Identity Problem
• Web registration for classes (SSN)

The Identity Problem
• Administrative
  – Managed in the enterprise “FSU” Microsoft Active Directory (Outlook users)
  – Semi-manual account management
  – Mostly used by some ~6,000 administrative employees

The Identity Problem
• NetWare Account
  – Provides authentication and file service
  – Manual account management
  – Mostly used by some ~6,000 administrative employees

The Identity Merger (2004)

FSUID Initial Signup

FSUID Helpdesk Utility

Behind the Scenes
• Novell eDirectory
  – Five production Red Hat servers
  – Two development Red Hat servers
• Separate iPlanet LDAP strictly for public employee attributes and quick searches
• Multitude of Perl scripts updating attributes
• All LDAP over SSL (port 636)

eDirectory Ring (production)
• One master node
• Four read/write replicas
• Writes can happen on any replica; eDir syncs values over time (up to 30 minutes)
• Housed in different physical locations
• All LDAP-reachable

Schema & eDir Details
• Schema is eduPerson compliant (200312)
• ~150 FSU-specific attributes (“fsuEduXXXX”)
• Many attributes are indexed to increase performance
• Proxy accounts and ACLs limit the view of attributes to specific applications
• Perl used for rapid application development and easy access to data sources (LDAP, flat files, Oracle, AD, iPlanet, DB2, etc.)
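The proxy-account-plus-ACL practice on this slide is easy to get subtly wrong: hiding an attribute from read results is not enough if an application can still use that attribute in a search filter, because it can then recover the value one equality guess at a time. The following is an added illustration written for this page, not FSU's code or a Novell API; it models a directory with eduPerson attributes and one hypothetical institution-specific attribute (the "fsuEdu" prefix is from the slide, the suffix "PrivateNumber" and all DNs, entries and values are constructed), and enforces the ACL on both the attributes returned and the attribute filtered on.

```python
"""Attribute-level visibility through per-application proxy accounts.

Added illustration, not FSU's code: it models the slide's practice of giving
each application its own proxy bind account and an ACL that limits which
attributes that account can read or filter on. The directory entries, proxy
DNs and the "fsuEduPrivateNumber" attribute name are constructed sample data;
only the "fsuEdu" prefix and the eduPerson attribute names come from the slide.
"""

# Constructed sample directory: two person entries with eduPerson attributes
# and one hypothetical institution-specific attribute.
DIRECTORY = {
    "uid=jdoe,ou=people,o=example": {
        "uid": ["jdoe"],
        "cn": ["Jane Doe"],
        "mail": ["jdoe@example.edu"],
        "eduPersonPrincipalName": ["jdoe@example.edu"],
        "eduPersonAffiliation": ["staff", "member"],
        "fsuEduPrivateNumber": ["CONSTRUCTED-0001"],
        "userPassword": ["{SSHA}constructed-hash"],
    },
    "uid=asmith,ou=people,o=example": {
        "uid": ["asmith"],
        "cn": ["Alex Smith"],
        "mail": ["asmith@example.edu"],
        "eduPersonPrincipalName": ["asmith@example.edu"],
        "eduPersonAffiliation": ["student", "member"],
        "fsuEduPrivateNumber": ["CONSTRUCTED-0002"],
        "userPassword": ["{SSHA}constructed-hash"],
    },
}

# ACL: proxy account DN -> attributes that account may read or search on.
# Anything not listed is withheld; userPassword is never readable by any proxy.
ACL = {
    "cn=proxy-lms,ou=proxies,o=example": {"uid", "cn", "mail", "eduPersonAffiliation"},
    "cn=proxy-hr,ou=proxies,o=example": {"uid", "cn", "eduPersonAffiliation", "fsuEduPrivateNumber"},
}


def search(bind_dn, filter_attr, filter_value, requested=None):
    """Equality search as seen by the given proxy account.

    Raises PermissionError for an unknown bind DN or for a filter on an
    attribute the proxy may not read: allowing a search filter on a hidden
    attribute would let the caller infer its value one guess at a time.
    Returns {dn: {attr: values}} holding only readable attributes.
    """
    allowed = ACL.get(bind_dn)
    if allowed is None:
        raise PermissionError(f"unknown proxy account: {bind_dn}")
    if filter_attr not in allowed:
        raise PermissionError(f"{bind_dn} may not filter on {filter_attr}")
    # An explicit attribute list is intersected with the ACL, never widened.
    wanted = allowed if requested is None else (allowed & set(requested))
    results = {}
    for dn, attrs in DIRECTORY.items():
        if filter_value in attrs.get(filter_attr, []):
            results[dn] = {a: list(v) for a, v in attrs.items() if a in wanted}
    return results


def visible_attributes(bind_dn):
    """Attributes a proxy account can ever see, sorted, for access reviews."""
    return sorted(ACL.get(bind_dn, set()))


if __name__ == "__main__":
    for proxy in ACL:
        print(proxy, "->", search(proxy, "eduPersonAffiliation", "member"))
```

The `visible_attributes` helper is the piece worth keeping around operationally: dumping it for every proxy account gives a reviewable list of which application can see which of the ~150 institution-specific attributes, which is the question an access review asks.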

Example of FSU-specific attribute

LDAP clients using FSUID authentication
• Central Authentication Service (CAS) instance, connecting Blackboard and FSUID
• PeopleSoft instances
• Business Objects instance
• VPN concentrators, directly or via RADIUS; BlueSocket boxes for wireless A&A
• Java properties for business applications
• UNIX hosts

Departmental Identity Management
• A number of departments now use FSUID-driven data to manage their student and employee accounts
• Mostly Active Directories, with information “pushed” via LDAPS (account creation, directory attribute updating, password resets, etc.)
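The departmental push described above, together with the "all LDAP over SSL (port 636)" rule from the Behind the Scenes slide, comes down to two things a script must get right: refuse any target that is not LDAPS before a credential or attribute leaves the box, and emit well-formed change records for the account creations and attribute updates. The block below is an added example written for this page, not one of FSU's Perl scripts; it takes an FSUID-style record with eduPerson attributes as the source and generates the LDIF for an assumed departmental Active Directory. The attribute mapping, the `OU=Students,...` path, the host name and the sample records are all constructed assumptions; the only facts taken from the slides are the LDAPS/636 requirement and the list of push operations.

```python
"""Generating the LDIF a departmental push would send to Active Directory.

Added illustration, not FSU's scripts. Source records are FSUID-style
entries with eduPerson attributes; the target is an assumed departmental AD.
ATTRIBUTE_MAP, TARGET_OU, host names and sample records are constructed; the
LDAPS-on-636 requirement is the one fact taken from the slides.
"""
import base64
from urllib.parse import urlsplit

# Constructed mapping from source (eduPerson/FSUID) attributes to AD attributes.
ATTRIBUTE_MAP = {
    "uid": "sAMAccountName",
    "cn": "displayName",
    "mail": "mail",
    "eduPersonPrincipalName": "userPrincipalName",
}
TARGET_OU = "OU=Students,DC=dept,DC=example,DC=edu"   # assumed departmental OU


def require_ldaps(url):
    """Accept only ldaps:// targets on port 636 (or no explicit port).

    Returns the host name; raises ValueError otherwise, so a misconfigured
    plain-ldap:// push fails before any credential or attribute is sent.
    """
    parts = urlsplit(url)
    if parts.scheme != "ldaps":
        raise ValueError(f"refusing non-LDAPS target: {url}")
    if parts.port not in (None, 636):
        raise ValueError(f"unexpected LDAPS port {parts.port}: {url}")
    return parts.hostname


def escape_dn_value(value):
    """Escape an RDN value per RFC 4514 so a comma in a name cannot alter the DN."""
    out = "".join("\\" + c if c in '\\,+"<>;=' else c for c in value)
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ldif_line(attr, value):
    """One attribute line per RFC 2849: base64 ("::") when the value is not a safe string.

    Conservative: non-ASCII, control characters, a leading space/colon/'<',
    an empty value or a trailing space all trigger base64 encoding.
    """
    unsafe_start = value[:1] in (" ", ":", "<")
    unsafe_chars = any(ord(c) < 32 or ord(c) > 126 for c in value)
    if value == "" or unsafe_start or unsafe_chars or value.endswith(" "):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def build_ldif(source, existing_accounts):
    """Return the LDIF change record for one FSUID-style source entry.

    A new account gets changetype: add with an objectClass; an existing one
    (keyed by uid) gets changetype: modify with one replace per mapped
    attribute. Passwords are deliberately never carried in this record: the
    slide lists password resets as a separate push operation, and they do
    not belong in a file that gets reviewed or kept.
    """
    mapped = {ATTRIBUTE_MAP[a]: source[a] for a in ATTRIBUTE_MAP if a in source}
    dn = f"CN={escape_dn_value(mapped['displayName'])},{TARGET_OU}"
    lines = [f"dn: {dn}"]
    if source["uid"] in existing_accounts:
        lines.append("changetype: modify")
        for attr, value in mapped.items():
            lines += [f"replace: {attr}", ldif_line(attr, value), "-"]
    else:
        lines += ["changetype: add", "objectClass: user"]
        lines += [ldif_line(attr, value) for attr, value in mapped.items()]
    return "\n".join(lines) + "\n"


# Constructed sample record in the shape of an FSUID directory entry.
SAMPLE = {
    "uid": "jdoe",
    "cn": "Jane Doe",
    "mail": "jdoe@example.edu",
    "eduPersonPrincipalName": "jdoe@example.edu",
}

if __name__ == "__main__":
    host = require_ldaps("ldaps://ad.dept.example.edu:636")   # assumed host
    print(f"# push target: {host}")
    print(build_ldif(SAMPLE, existing_accounts=set()))
    print(build_ldif(SAMPLE, existing_accounts={"jdoe"}))
```

Two details carry the weight here. The DN escaping matters because a display name containing a comma would otherwise split the RDN and create the object somewhere other than the intended OU, and the base64 rule matters because a name with a non-ASCII character sent as a bare LDIF value is rejected or mangled by the consumer. Both are cheap to handle in the generator and expensive to clean up in a departmental AD afterwards.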

Good, Bad & the Ugly
• DirXML
  – The main reason we decided to purchase eDir instead of using, say, iPlanet or OpenLDAP was the PeopleSoft integration piece (real-time directory updates from HR)
  – We have not implemented this as yet, alas
• “ndsd” (eDir daemon)
  – Multi-threaded
  – Memory problems (crashes); still not fully resolved
• eDir’s unencrypted “database”

What Next?
• Shorten the “hire/admit to login” time lag
• Rewrite the FSUID web pages as native Blackboard Java/JSP pages
• Merge more FSU identities into the FSUID directory
• Push FSUSN usage across campus
• Manage more departmental identities
• Set up production Shibboleth using this directory