Qaforum Security Structure. What’s SSO Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a.

Slides:

Advertisements

Similar presentations

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Advertisements

Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.

Chapter 10 Real world security protocols

Access and Overview. Login procedures and requirements. Creating and updating tickets. Understanding special ticket states. Adding an attachment to an.

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

How To Use secure.colostate.edu/netconnect Use your web browser User your web browser to and go to: Login using.

User Registration. Click on ‘Sign Up’ button. Enter Registration details and click on submit button.

MyProxy: A Multi-Purpose Grid Authentication Service

Access Control Chapter 3 Part 3 Pages 209 to 227.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

A Brief Introduction 2012 Spring Security. What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

AutoSignon - A Reference Implementation of a Secure Single Sign-On Blackboard Building Block TM Richesh Ruchir, Technical Manager

ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

CS795/895.NET Passport1. NET PASSPORT &TRUSTBRIDGE SHRIPAD PATIL CS795/895 SECURITY IN DISTRIBUTED SYSTEMS.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Enterprise Single Sign On Identity management for web applications.

S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I.

Step by step guide to reset your Honeywell LDAP Password

© 2012 Cisco and/or its affiliates. All rights reserved. BRKUCC Cisco Public (SAML) Single Sign-On (SSO) for Cisco Unified Communications 10.x By.

KX509: Leveraging Kerberos to Obtain Digital Certificates for Web Client Authentication University of Michigan Kevin Coffman Bill Doster.

WaveMaker Visual AJAX Studio 4.0 Training Authentication.

Browser Web Server Users DB 2a. Redirect to login page plugin 1. access a protected page Login Web Server (https) aislogin.cern.ch edh.cern.ch 3a. Set.

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

Using AS 10g with EBS What are the Benefits of Integrating AS 10g with Oracle Applications?

Identity on Force.com & Benefits of SSO Nick Simha.

CSC 386 – Computer Security Scott Heggen. Agenda Do not wait for me; begin working right away Complete the following tasks in your code: Implement the.

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

TWSd - Security Workshop Part I of III T302 Tuesday, 4/20/2010 TWS Distributed & Mainframe User Education April 18-21, 2010  Carefree Resort  Carefree,

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

Web Authentication at Iowa Ed Hill Software Developer The University of Iowa.

authenticated networked guided environment for learning - secure integration of learning environments with digital libraries - Current.

Module 11: Securing a Microsoft ASP.NET Web Application.

What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID Daniel Smith.

CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.

Single Sign-On in the Danish Educational Sector Per Thorboll Deputy director UNI-C.

McGraw-Hill/Irwin The Interactive Computing Series © 2002 The McGraw-Hill Companies, Inc. All rights reserved. Microsoft Access 2002 Using Access Tools.

Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner.

Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.

The OWASP Foundation guarding your applications Koen Vanderloock

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Understanding Cisco Router Security.

15 Copyright © 2004, Oracle. All rights reserved. Adding JAAS Security to the Client.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Introducing the Central Authentication Service (CAS) Shawn Bayern Research programmer, ITS Technology & Planning Author, Web Development with JavaServer.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

1 Example security systems n Kerberos n Secure shell.

Live. learn. work. play Superior Ave E Suite 310 Cleveland Ohio Tel: Fax:

General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

1 eWorkbench First Time User Tutorial Follow these instructions to obtain a User Name, Password and Account Validation.

PowerSchool What’s new? Parent Single Sign-On Coming Wed, September 21, 2011.

Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

CAS and Web Single Sign-on at UConn

Radius, LDAP, Radius used in Authenticating Users

Kerberos: An Authentication Service for Open Network Systems

Enterprise Single Sign-On

Web Systems Development (CSC-215)

TaxSlayer Multi-Factor Authentication

Presentation transcript:

Qaforum Security Structure

What’s SSO Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error. Qaforum adopt CAS (Central Authentication Service) from Jasig project as sso. It’s an open source project at

SSO workflow

Security measure Use https for login process Before submit to login, system will encrypt the username/password with RSA algorithm 3 types users, users in db, users in silvercomp ldap, users in cisco ad. For users in db, their password is encrypted by md5 algorithm. For other two types, we do not keep the password in db, query the ldap/ad directly. Cookie does not keep any information of users. If user want to use Remember Me feature, only one cookie is kept in user’s browser, which contains the ticket composed by uid. (TGT-114- gqP60KOfeGkxJuK4VAvkEpDviqFGX6lsPWZn7pAXUPKXYZXT 2q-qaforum.webex.com)