SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

Presentation transcript:

Opening Slide
Session Objectives:
– Understand the Blackboard Academic Suite™ security and permissions architecture
– Review options available
Innovation
– Discover opportunities
Results/Outcomes
– Improve service to users
– Reduce support costs

Agenda
Authorization
Session Management
Authentication
– Configuration Options
– Single Log-in
– Single Sign-on
[Diagram labels: Authorization; Session Management; Authentication; User Identity; Resources]

Authorization
Self Contained in Blackboard®
GUI Configuration
Allows the user to perform sets of actions
Software driven
[Diagram labels: Authorization; Blackboard Database; User ID; ???; Who are you?; What do you want?; Permission to see it.; Permission to do it.]

System Privileges
course.images.MODIFY
course.settings.MODIFY
course-catalog.CREATE
course-catalog.DELETE
course-catalog.MODIFY
course-catalog.settings.MODIFY
course-categories.VIEW
discussion-board.CREATE
discussion-board.DELETE
discussion-board.MODIFY
discussion-board.VIEW
-all-instructors.EXECUTE
-all-students.EXECUTE
-all-users.EXECUTE
-support.MODIFY

Authorization and Session Management
Session Manager maintains ID
Authorization requests ID
[Diagram labels: Authorization; Session Management; Who are you?; User ID]

Blackboard Session Management Session Launch Session Cookie/Table Timeout Stateful Session Management Cookie Session ID User ID Blackboard User ID

Sessions Across Servers Session Affinity Cookie-based Session Cache Load Balancer App1 File Server App2 App3 Database

Authentication
Who are you?
– How do we get the user ID?
Can we trust you?
– How do we secure the process?
[Diagram labels: User_ID; Session Management]

Basic Workflow Authorization Session Management Authentication

Authentication Options
Default
Single Log-in
– LDAP
Single Sign-On
– Web Server Delegation
   Windows (IIS)
   UNIX (Apache)
   Shibboleth
– Custom Pass-Through Authentication

Default Blackboard Authentication
Uses a Challenge/Response Mechanism
Does not send the password over the network in “clear text” form
Does not store passwords in “clear text”
Authentication Properties = RDBMS

Challenge/Response Mechanism
User Requests Login Page
Server sends login page with Challenge
User Enters Credentials; Credentials are submitted with Challenge and MD5 Encrypted
Server receives credentials, uses challenge to compare the password with the MD5 password stored in the Bb database
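
The exchange on this slide, as an added Python sketch that is not Blackboard's own code. The slide does not give the exact formula, so the response MD5(challenge + MD5(password)), the single-use challenge table and the names LoginServer, client_response and demo are all assumptions.

```python
import hashlib
import hmac
import secrets


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


class LoginServer:
    """Hypothetical server side of the slide's four steps."""

    def __init__(self, users):
        # username -> MD5(password) hex; stands in for the Bb database.
        self._stored = dict(users)
        self._pending = set()  # challenges issued and not yet consumed

    def login_page(self) -> str:
        # Step 2: the login page carries a fresh random challenge.
        challenge = secrets.token_hex(16)
        self._pending.add(challenge)
        return challenge

    def verify(self, username: str, challenge: str, response: str) -> bool:
        # Step 4: accept only a challenge this server issued, and only once,
        # so a captured response cannot be replayed.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        stored = self._stored.get(username)
        if stored is None:
            return False
        expected = md5_hex(challenge + stored)
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: str, challenge: str) -> str:
    # Step 3: the browser hashes the password, then binds it to the challenge.
    return md5_hex(challenge + md5_hex(password))


def demo():
    # Constructed sample account, not taken from the presentation.
    server = LoginServer({"jdoe": md5_hex("correct horse")})
    c1 = server.login_page()
    good = client_response("correct horse", c1)
    ok = server.verify("jdoe", c1, good)
    replay = server.verify("jdoe", c1, good)  # same challenge a second time
    c2 = server.login_page()
    wrong = server.verify("jdoe", c2, client_response("guess", c2))
    return ok, replay, wrong
```

Because the server recomputes the response from the stored MD5 value, that value alone is enough to answer any challenge, so the table needs the same protection as plaintext passwords and the login page still belongs behind SSL.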

Single Log-In
One Username and Password pair for multiple Applications
[Diagram labels: Application1; Application2; Application3; username & password; Directory Service]

Blackboard LDAP Authentication
Configuration setting “plugs” Blackboard into existing infrastructure and enables Single Login
Provides for multiple directories and fallback for Blackboard only users
LDAP v2, but…

Blackboard Directory Service HTTPS LDAP(S) username & password YES or NO Directory Service LDAP Authentication Security Configuration Fallback

Single Sign-On
One Username and Password submission for all applications
[Diagram labels: Authentication Service/Gateway; Directory Service; Application1; Application2; Application3; username & password]

Web Server Delegation
Types
– Apache Mods
– IIS/Active Directory
– Custom
Reconcile, Create or Deny User Registry or Batch_UID

Web Server Delegation Blackboard Web Server User ID Session Management Authentication Remote_User

Authentication Service/Gateway Authentication Service/Gateway Institutional Single Sign-On Application1 Application3 Application2 WebServer Web Initial Sign-On

Pass Through Authentication
[Diagram labels: Application 1; Application 2; Authentication; Handler; Session Mngr; Blackboard; User ID]
Context
– /webapps/blackboard/launch_external.jsp
– Context Encryption

Log Out
No workflow is complete without the LOG OUT procedures
Review Use Cases!!
Check sessions of all applications
[Diagram labels: Application1; Application2; Application3]

Closing Slide
Innovating Together in ‘05:
– Authorization, Session Management, Authentication
– Authentication methods
Resources Available:
– Blackboard Authentication Manual
– Blackboard Administrators Manual
– Web Initial Sign-on (
Follow up Contact(s):
– Jeff Kelley, Solutions Engineer
IF YOU ONLY REMEMBER 1 THING:
– Don’t forget to log out!