Authentication via campus single sign-on, 2012 VIVO Implementation Fest
Welcome & Who are we?

- Vincent Sposato, University of Florida, Enterprise Software Engineering. Primarily focused on VIVO operations and reproducible harvests.
- Alex Viggio, Colorado University, Office of Faculty Affairs, FIS Developer.

Goals of this session

- Provide you with a "why" for single sign-on
- Walk through a basic single sign-on implementation, as done at UF
- Answer questions

Why Single Sign-On?

What is single sign-on?

- A property of access control across multiple related but independent software systems: one authentication event grants access to all of them.
- Usually an independent authentication system, with stricter rules, that confirms a user's identity to those systems.
- Often thought of as the unicorn of authentication: many have heard of it, but no one has truly seen it.
- Has been referred to as "enterprise reduced sign-on", since in practice it reduces rather than eliminates the number of sign-ons.

Why single sign-on?

- Reduces "password fatigue" from remembering different usernames and passwords for different systems.
- Reduces repeated password entry by the same user within the same environment.
- Allows more robust security requirements and compliance reporting to be enforced once, at the centralized authentication mechanism, rather than separately in every application.

Why not single sign-on?

- Increased impact if an identity is compromised: one stolen credential is the "keys to the castle" for every connected system.
- The single authentication system is a single point of failure; losing it means denial of service for a large number of systems.
- Can be difficult to integrate with older or closed systems that do not natively support external authentication.

Who has single sign-on?

Every major institution in the world … that we know of.

Typical SSO Implementations

- Kerberos: after the initial authentication the client holds a ticket-granting ticket (TGT). The TGT is presented to the Key Distribution Center to obtain service tickets for other Kerberos-aware systems, so the password is never re-entered.
- Smart card: a PIN or password unlocks the card; other applications then call the card to authenticate without a further password prompt.
- One-time password (OTP): RSA SecurID is a well-known example, widely used as the second factor in two-factor authentication.
- Integrated Windows Authentication (Active Directory): Microsoft's mechanism for passing credentials between supporting systems; it uses Kerberos, SPNEGO and NTLMSSP to accomplish SSO.
- Shibboleth: open-source federated identity-based authentication and authorization system based on the Security Assertion Markup Language (SAML).

What do I need to have?

- The identity management guides for your institution
- The required software for your identity management system (for Shibboleth, the Service Provider daemon and its Apache module) installed and configured on your VIVO application server

Implementing Shibboleth

How does it all work?

Setting up the Server to Secure VIVO

You can protect the application either in the Shibboleth SP's own configuration (shibboleth.xml) or, as we do, in the Apache configuration files. VIVO runs in Tomcat behind Apache via mod_jk, so first add the following lines so that requests for the Shibboleth SP handler are answered by Apache rather than forwarded to Tomcat; otherwise Apache, Tomcat and Shibboleth fight over the same paths:

    JkUnMount /Shibboleth.sso/* default
    JkUnMount /Shibboleth default
    JkUnMount /shibboleth-sp/* default

(The slide spelled the first path /Shibboleth.ssso/*; the SP handler lives under /Shibboleth.sso. "default" is the name of the mod_jk worker, so use whatever your JkMount lines use.)

Setting up the Server to Secure VIVO (continued)

Next, tell Apache where VIVO's external-login processing lives (/loginExternalAuth, prefixed by your context path if VIVO is not deployed at the root) and require a Shibboleth session for that location only:

    <Location /loginExternalAuth>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
        require shibboleth
        ShibUseHeaders On
    </Location>

Two points worth knowing. "require shibboleth" is the lazy-session form and always passes; with ShibRequireSession On the session is forced anyway, so "require valid-user" is the directive that actually enforces login. ShibUseHeaders On makes the SP export attributes as HTTP request headers, which is what VIVO reads; the SP scrubs client-supplied headers of the same names on requests it handles, but a request that reaches Tomcat without passing through Apache (a directly reachable HTTP or AJP connector) carries whatever header the client chose. Tomcat must therefore be reachable only from the local mod_jk worker.
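The header-trust caveat above is easy to verify on the Tomcat side. The following audit script is an added example, not code from the presentation, from VIVO or from Shibboleth. It assumes the stock Tomcat server.xml layout and that Apache reaches Tomcat over mod_jk/AJP, as the JkUnMount lines imply; the two server.xml fragments are constructed for the illustration.

```python
# Added audit example (not VIVO or Shibboleth project code): with header-based
# external auth, Apache + Shibboleth SP is the only component that may set the
# net ID header, so Tomcat must not be reachable except through mod_jk.
# This parses a Tomcat server.xml and reports every Connector an attacker could
# hit directly and thus supply the header themselves.
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def exposed_connectors(server_xml: str) -> list:
    """Return a description of each Connector that listens on a non-loopback address."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        port = conn.get("port", "?")
        addr = conn.get("address")  # absent means Tomcat binds all interfaces
        if addr is None:
            findings.append(f"{proto} connector on port {port} listens on all interfaces")
        elif addr not in LOOPBACK:
            findings.append(f"{proto} connector on port {port} listens on {addr}")
    return findings


# Constructed sample: the stock layout, HTTP on 8080 open to the network and AJP
# on 8009 unbound as well. Either lets a client talk to VIVO without Apache and
# send its own net ID header.
WEAK_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>"""

# Constructed hardened layout: HTTP connector removed, AJP bound to loopback so
# only the local Apache (mod_jk) can reach it.
HARDENED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for name, xml in (("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(name, exposed_connectors(xml) or "ok")
```

Run it against the real server.xml (read the file and pass its contents to exposed_connectors) and fix every finding by adding address="127.0.0.1" or deleting the connector. Binding to loopback is the control that mattered for a 2012 deployment; Tomcat 8.5.51/9.0.31 and later also bind AJP to loopback by default and expect a shared secret between mod_jk and the connector, which is worth setting where available.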

Setting up VIVO for the SSO

Most SSO systems pass the authenticated identity to the application as an HTTP request header set by the web server (Shibboleth does this when ShibUseHeaders is On). If yours does not, you will need to write a shim that produces such a header from whatever mechanism your SSO uses to pass the authenticated user's information.

Tell VIVO which header carries the net ID in your deploy.properties file:

    externalAuth.netIdHeaderName = <name of the header the SP exports>

(Check the exact property name against the deploy.properties shipped with your VIVO version.)

Setting up VIVO for the SSO (continued)

Changing styles and pages in VIVO is not easy for someone who is not a web designer. Rather than leave the login button reading a generic "Login", the label can be set from the deploy.properties file:

    externalAuth.buttonText = <label shown on the login button>

Setting up VIVO for the SSO (continued)

Each person's VIVO profile needs a data property populated with the identifying value your SSO will send (the net ID). VIVO uses it to associate the authenticated user with their profile and grant self-editing rights. Name that property in deploy.properties:

    selfEditing.idMatchingProperty = md/institutionid

(The slide abbreviates the property; use the full URI of the property as it appears in your ontology. The value must be unique per person, since it is the only thing tying a login to a profile.)
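To make the matching step concrete, here is an added example of resolving the header value to a profile through the idMatchingProperty. It is illustration code, not VIVO's own implementation; the property URI, profile URIs and triples are constructed, and the rule that an ambiguous match is refused rather than guessed is a choice made here for the example.

```python
# Added example (not VIVO's own code): match the value received in the net ID
# header against profiles via the property named by selfEditing.idMatchingProperty.
# Matching is exact and must be unique: a value that matches no profile gives no
# self-editing rights, and one that matches several profiles is refused.

ID_MATCHING_PROPERTY = "http://vivo.example.edu/ns#institutionId"  # assumed URI

# Constructed triples: (subject, predicate, object literal)
TRIPLES = [
    ("http://vivo.example.edu/individual/n1001", ID_MATCHING_PROPERTY, "jdoe"),
    ("http://vivo.example.edu/individual/n1002", ID_MATCHING_PROPERTY, "asmith"),
    ("http://vivo.example.edu/individual/n1003", ID_MATCHING_PROPERTY, "asmith"),  # duplicate, deliberate
    ("http://vivo.example.edu/individual/n1001",
     "http://www.w3.org/2000/01/rdf-schema#label", "Doe, Jane"),
]


class AmbiguousIdentity(Exception):
    """More than one profile carries the same institutional ID."""


def profile_for_netid(netid, triples=TRIPLES, prop=ID_MATCHING_PROPERTY):
    """Return the profile URI whose matching property equals netid, or None.

    Equivalent SPARQL against the VIVO triple store:
        SELECT ?profile WHERE { ?profile <prop> "netid" }
    """
    if not netid:  # empty or missing header: the SSO supplied no identity
        return None
    matches = sorted({s for s, p, o in triples if p == prop and o == netid})
    if len(matches) > 1:
        raise AmbiguousIdentity(f"{len(matches)} profiles carry {netid!r}: {matches}")
    return matches[0] if matches else None


if __name__ == "__main__":
    for nid in ("jdoe", "nobody", ""):
        print(nid or "<empty>", "->", profile_for_netid(nid))
    try:
        profile_for_netid("asmith")
    except AmbiguousIdentity as err:
        print("refused:", err)
```

The comparison is case-sensitive and whitespace-sensitive on purpose: if the identity provider releases "JDoe" but the profile stores "jdoe", fix the data or the attribute release, not the matcher, otherwise two different net IDs can collide. The duplicate "asmith" case is the one to watch in harvested data, where a person loaded twice would otherwise let whoever logs in as that net ID edit both profiles.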

Questions?