Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.

Presentation transcript:

Road Map
– Authentication/Security Overview
– Release 6 Authentication Options
– Custom Authentication
– Authentication Demos
– Review/Open Discussion

Authentication Concepts
– Ensures that you are who you say you are!
– Most schemes require the user to present a set of credentials
  – In the form of a username/password, or others
– Referred to as End User Authentication (EUA)

EUA Options in Release 6

– Blackboard Learning and Community Portal System™ (Release 6) offers several “out of the box” options
– One option for all VIs
– Set in authentication.properties (file)

EUA Options
– Blackboard Default (RDBMS)
– LDAP
– Webserver Delegation
– Passport
– Custom

Default Authentication (RDBMS)
– Standard with Blackboard Learning System™ (Release 6)
– Form to enter in their user id and password

Default Authentication
– Customization Options
  – Users can customize login page via UI
  – Direct Portal Entry
– MD5 Passwords are stored in Bb Database
– Uses a challenge/response mechanism for increased security

Challenge/Response Mechanism
– Does not send the password over the network in “clear text” form
– Prevents “sniffing” of passwords

Challenge/Response Mechanism
– User requests login page
– Server sends login page with challenge
– User enters credentials; credentials are submitted with challenge and MD5 encrypted
– Server receives credentials, uses challenge to compare the password with the MD5 password stored in the Bb5 database
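
An added sketch of the exchange on this slide, not Blackboard's code and not part of the presentation. The slides do not give the formula, so the response MD5(MD5(password) + challenge), the single-use challenge set and every name below are assumptions; what the slide calls "MD5 encrypted" is MD5 hashing.

```python
import hashlib
import hmac
import secrets

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

class LoginServer:
    """Server side: stores only MD5(password) and issues one-time challenges."""

    def __init__(self, stored_hashes):
        self.stored_hashes = stored_hashes  # user id -> MD5(password)
        self.outstanding = set()            # challenges issued but not yet used

    def login_page(self) -> str:
        challenge = secrets.token_hex(16)   # unpredictable, fresh per login page
        self.outstanding.add(challenge)
        return challenge

    def verify(self, user_id: str, challenge: str, response: str) -> bool:
        # A challenge is accepted once, so a captured login cannot be resent.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        stored = self.stored_hashes.get(user_id)
        if stored is None:
            return False
        expected = md5_hex(stored + challenge)
        return hmac.compare_digest(expected, response)

def browser_response(password: str, challenge: str) -> str:
    """Client side: the value the login form submits instead of the password."""
    return md5_hex(md5_hex(password) + challenge)

def demo():
    # Constructed account and password, for illustration only.
    server = LoginServer({"student1": md5_hex("correct horse")})
    challenge = server.login_page()
    response = browser_response("correct horse", challenge)
    first = server.verify("student1", challenge, response)
    replayed = server.verify("student1", challenge, response)  # same message resent
    c2 = server.login_page()
    wrong = server.verify("student1", c2, browser_response("guess", c2))
    return first, replayed, wrong
```

Under this assumed formula the stored MD5 value is all a client needs to compute a valid response, so the stored hashes need the same protection as the passwords themselves.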

EUA Option: LDAP
– Can configure to go against an external LDAP directory
– Standard Bb Login Screen Used
– Matches against the user id in the Blackboard database
– SSL enabling Blackboard strongly encouraged

EUA Option: Webserver
– Authenticates information based on the user passed via HTTP to the authentication module.
– Checks for the existence of the “remote-user” variable.
– User is reconciled with users already in the Bb Database (more on this later)
– Windows: Automatically installs an ISAPI filter to add this information based on the Windows Domain (Windows Integrated)
– UNIX: Add-ins for Apache are required

EUA Option: Passport
– Requires users to log in using a Microsoft Passport
– Functionally similar to Webserver auth

User Reconciliation Options
– User is received from external system
– What to do if user is not found in system
– In Release 6:
  – Webserver and Passport

Reconciliation Process
– The Auth module receives the external credential
  – Windows Auth: Windows Domain/User ID (e.g. DC/tjoyce)
  – Passport: PUID (Passport Unique ID)
– The User Registry is searched for the external credential
– If found, then the user is authenticated

Reconciliation Process, Cont’d
– If user is not found, depends on user_account setting:
  – Reconcile: Present the user with a form
  – Create: Create the user based on external ID
  – Deny: Do not authenticate the user

User Option: Reconcile
– User is presented with a screen and prompted to enter in Bb Credentials
– MUST exist in the Blackboard database!
– The external user is associated with that Blackboard user

User Option: Create
– User is automatically created in the Blackboard database based on the external credential
  – Webserver: webserver-user-xxxx
  – Passport: passport-user-xxxx
– User or Admin can change personal info

User Option: Deny
– User not in User Registry = No access
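
The reconciliation flow from the preceding slides as one decision function, added here as an illustration and not taken from Blackboard or the presentation. The function name, the dictionaries standing in for the User Registry and the Bb database, the numeric suffix used for "xxxx", and treating an unrecognised user_account value as Deny are assumptions.

```python
import hmac
from itertools import count

_suffix = count(1)  # constructed stand-in for the "xxxx" in created user names

def reconcile_login(auth_type, external_id, user_account, registry, bb_users,
                    bb_credentials=None):
    """Decide the outcome for a user vouched for by an external system.

    registry: external credential -> Blackboard user id (the User Registry)
    bb_users: Blackboard user id -> password (stand-in for the Bb database)
    Returns (decision, bb_user_id).
    """
    if auth_type not in ("webserver", "passport"):
        raise ValueError("reconciliation applies to webserver and passport")
    if not external_id:                    # nothing was passed in by the front end
        return ("denied", None)
    if external_id in registry:            # credential found: user is authenticated
        return ("authenticated", registry[external_id])

    mode = user_account.lower()
    if mode == "reconcile":
        if bb_credentials is None:
            return ("show_form", None)     # prompt for existing Bb credentials
        user_id, password = bb_credentials
        stored = bb_users.get(user_id)     # the account MUST already exist
        if stored is None or not hmac.compare_digest(stored.encode(),
                                                     password.encode()):
            return ("denied", None)
        registry[external_id] = user_id    # associate external user with Bb user
        return ("authenticated", user_id)
    if mode == "create":
        user_id = f"{auth_type}-user-{next(_suffix):04d}"
        bb_users[user_id] = None           # created without a local password
        registry[external_id] = user_id
        return ("authenticated", user_id)
    return ("denied", None)                # "deny", and any unrecognised value
```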

Reconciliation Option Pitfalls
– Info is stored in the User Registry
– Not accessible by Snapshot or UI.
– Non-Public methods exist to get the data via the Java API
– May be addressed in 6.2

EUA Option: Custom Authentication API
– Java API is part of B2 program
– B2 Developers should use this for custom authentication modules

Authentication API (HttpAuthModule)
void init(ConfigurationService cfg);
boolean isAuthenticated(HttpServletRequest request) throws BbSecurityException;
String doAuthenticate(HttpServletRequest request, HttpServletResponse response);
void doLogout(HttpServletRequest request, HttpServletResponse response);
void requestAuthenticate(HttpServletRequest request, HttpServletResponse response);
public String getAuthType();
public String[] getPropKeys();
public void setConfig(HttpAuthConfig config);

API Details
– void init(ConfigurationService cfg)
  – Called upon Tomcat initialization
– public String getAuthType();
  – Must return a String (i.e., “customauth”)
– public String[] getPropKeys();
  – Return an array of properties for this authentication
  – At a minimum, “impl” should be returned here to specify the class name of the custom module

API Details (cont’d)
– public void setConfig(HttpAuthConfig config);
  – Handle to the configuration properties for the authentication
– void requestAuthenticate(HttpServletRequest request, HttpServletResponse response)
  – Called when Blackboard requires authentication
  – Can set this to a web page, login form, or do nothing.

API Details (cont’d)
– String doAuthenticate(HttpServletRequest request, HttpServletResponse response)
  – Does the implementation-specific work of authenticating the user
  – Return the user id if successful, null if not (can also throw a BbSecurityException)

API Details (cont’d)
– boolean isAuthenticated(HttpServletRequest request) throws BbSecurityException;
  – This is deprecated; can return true here
– Caveat: As of , you MUST subclass BaseAuthenticationModule!
  – This has been identified as a bug and will be fixed in a future release

Authentication Configuration
– 2 Files:
  – bb-config.properties
  – authentication.properties
– Run PushConfigUpdates after changing any values
– Load Balanced Systems

Config File: bb-config.properties
– bbconfig.auth.type=
  – rdbms, ldap, webserver, passport, or “custom”

Config File: authentication.properties
– Entries in the form:
  – auth.type.. =
– Example:
  – auth.type.rdbms.use_challenge=true
  – auth.type.ldap.error_fallback_to_bb=false

Demo: Custom Auth Code
– CustomAuthModule.java
  – Implement HttpAuthModule.java
  – MUST subclass BaseAuthenticationModule (this is a bug)
  – Build jar, move jar to Tomcat lib/apps (windows)
  – Edit authentication.properties, bb-config.properties
  – Restart Tomcat

Summary
– Several Different Authentication Options are available for Release 6
– B2 Developers can develop Custom Authentication modules
– Numerous Possibilities exist for custom authentication modules (SSO, Kerberos, etc.)

Q&A/Open Discussion
Tom Joyce, Product Manager, Platform, Architecture and Database
BBDN

Thank You
Demos to Follow