Teamcenter™ Security Services SSO


Dennon Ison, Software Engineer
Dennon.Ison@gdc4s.com
Template # 99-P34884K, Rev E – 3/17/08
© 2008 General Dynamics. All Rights Reserved.

Objective

Explain how General Dynamics C4Systems implemented a no-challenge login using the Teamcenter Security Services™.

Outline

- The CIO Challenge
- Terminology/Definitions
- Teamcenter Enterprise™ Login Architecture
- The Options
- The Solution
- Our Environment
- Considerations
- Questions

The Challenge

Implement a non-challenge SSO solution for the Teamcenter™ suite of products.

- Solution must have IT Networking acceptance/support
- Solution must have IT Information Security acceptance/support
- Solution must work with existing assets and resources

Terminology

- Authentication: Who the user really is
- Authorization: What the user is allowed to do
- SSO: A non-challenge login to systems after the user has been authenticated on the network domain
- Teamcenter Security Services (TCSSO): Web-based application that maintains a central login for all Teamcenter applications
- LdapAuth: Allows Enterprise users to log in with their network login account

Login Architecture (Enterprise)

[Diagram; labels: With TCSSO, With LdapAuth, Prompt for Credentials]

The Options

- Internet Information Services™ (IIS)
  - Network recommended
  - Quick
  - Need to use multiple machines to redirect
  - Security “disliked” the idea
- Move web tier to Windows
  - Resolve security issue
  - Still use IIS
  - Lack of Windows machines
  - Lack of “team comfort”
- JBoss™ LDAP Authentication
  - Limited customization
  - Significant setup
  - Lack of experience

The Options

- Apache™ LDAP Authentication
  - Limited customization
  - Significant setup
  - Lack of experience
- Java Authentication and Authorization Service (JAAS)
  - Java based (any platform)
  - Web service
  - Customization
  - Changes to AD

The Solution

- JCIFS (Java Common Internet File System) (http://jcifs.samba.org)
  - Validated against AD with Kerberos protocol
  - All “open” credentials are kept in the same “container” (JVM)
  - Works on any platform
  - Should work on any J2EE Java application server
  - Only handled authentication of user, did not give Teamcenter Credentials

The Solution

- Configure Security Services
- Add JCIFS Filter to web.xml
- Modify PreLoginPage.jsp

The Solution

- JCIFS Filter
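The slide's own filter listing is not reproduced in this transcript. As an added example (not the presenter's configuration), this is what a JCIFS filter entry in web.xml typically looks like, assuming the filter meant is JCIFS's `jcifs.http.NtlmHttpFilter`; the domain name, account, password and URL pattern are placeholders.

```xml
<!-- Added example: constructed web.xml fragment, not the presenter's file. -->
<!-- Every param-value below is a placeholder to be replaced per site. -->
<filter>
  <filter-name>NtlmHttpFilter</filter-name>
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

  <!-- AD domain used to locate a domain controller (placeholder) -->
  <init-param>
    <param-name>jcifs.smb.client.domain</param-name>
    <param-value>EXAMPLE</param-value>
  </init-param>

  <!-- Account the filter uses to pre-authenticate to the domain controller.
       Use a dedicated low-privilege account: the password sits in clear text
       in this file, so restrict read access to the web tier's service user. -->
  <init-param>
    <param-name>jcifs.smb.client.username</param-name>
    <param-value>svc-tcsso-placeholder</param-value>
  </init-param>
  <init-param>
    <param-name>jcifs.smb.client.password</param-name>
    <param-value>CHANGE_ME_PLACEHOLDER</param-value>
  </init-param>

  <!-- Keep filter logging quiet in production (0 = none) -->
  <init-param>
    <param-name>jcifs.util.loglevel</param-name>
    <param-value>0</param-value>
  </init-param>
</filter>

<!-- Assumed mapping: protect the whole Security Services web application.
     Once the filter has authenticated a request, the servlet container
     reports the user through request.getRemoteUser(). -->
<filter-mapping>
  <filter-name>NtlmHttpFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

`NtlmHttpFilter` negotiates NTLM with the browser, and the JCIFS project later deprecated it because it cannot support NTLMv2, so check the domain's NTLM policy before relying on it.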

Our Environment

Considerations

- Implemented with Tc Enterprise™, Tc Engineering™, Tc Reporting and Analytics™
- Only addresses web-based login (Clients, TcRA™ (backend), integrations, still use server side authorization)
- Only works when logging in from Windows OS machines (looking into Unix)

Questions?