Published by Jaqueline Pilling. Modified over 9 years ago.
1
State of Connecticut Department of Information Technology: Single Sign On and The Identity Vault. Presented by Edward Wilson
2
Enterprise Single Sign On: User Provisioning, User Authentication, Application Authentication
3
What makes up SSO: Novell eDirectory 8.8, Access Manager 3.1, Identity Manager 3.5, Nsure Audit 2.0. All running on SUSE Linux 10 SP2.
4
User Provisioning: Identity Vault; Active Directory; LDIF or LDAP Bulk Load Data
5
State of Connecticut User Identity Vault In eDirectory: DS Executive DPS Officer Judicial Legislative Federal Municipality East Hartford IAD CJIS COLLECT OBTS
6
How do they do That? Standard Web based Access. DNS, WEB SITE, URL. User Enters a URL (Uniform Resource Locator). The local DNS Server resolves the URL to an IP Address. The Internal network directs the session to the Web Site.
7
How do they do That? Standard Web based Access. DNS, WEB SITE, URL. URL = http://www.ct.gov; DNS > www.ct.gov = 159.247.0.0; State of CT Web Site Displayed
9
How do we do That! Single Sign On Web Access Via Reverse Proxy. URL = http://www.ct.gov; DNS > www.ct.gov = 159.247.0.0; DNS > www.ct.gov = 159.247.X.Y; Access Gateway > www.ct.gov = 159.247.0.0
11
User Authentication: Single Sign On Web Access. DNS, Access Gateway, Identity Server, Index Server, Access Gateway, Web Server, URL
12
Single Sign On User Authentication Web Browser Browser Header Record Outside Firewall Domain Name Server Access Gateway Identity Server Index Server Web Server
13
User Authentication. Browser Header Injection: the approved methodology for passing User data to the application. Form Fill (Off-Shelf Systems): the alternative method.
14
User Authentication: Browser Header Injection

----------------------------------------
Headers received from browser for request '163'
URL = /nesp/app/plogin?c=name/password/uri&%22http://csde.stag.ct.gov/ %22
----------------------------------------
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Host: csde.stag.ct.gov:80
Connection: Keep-Alive
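Added example (not from the original slides or from Novell): a sketch of the two checks header injection depends on. The gateway discards any identity headers the browser sent before adding its own, and the application reads them only from the gateway. The header names X-SSO-User and X-SSO-Groups and the 10.0.0.0/29 gateway range are assumptions; the user and groups come from the LDAP slide.

```python
import ipaddress

# Hypothetical names: the slides do not say which headers the gateway injects.
IDENTITY_HEADERS = ("X-SSO-User", "X-SSO-Groups")
# Constructed address range standing in for the Access Gateway's back-end side.
TRUSTED_GATEWAYS = [ipaddress.ip_network("10.0.0.0/29")]

# Constructed request: two headers from the slide's dump plus a client-supplied
# identity header that must never reach the application.
BROWSER_HEADERS = {
    "Host": "csde.stag.ct.gov:80",
    "Connection": "Keep-Alive",
    "x-sso-user": "someone-else",
}
# Constructed session, using the user and groups shown on the LDAP slide.
SESSION = {"user": "WilsonED", "groups": ["DMS", "NDS", "SFTP", "SSO"]}


def gateway_inject(browser_headers, session):
    """Gateway side: drop identity headers sent by the browser, then add the
    values taken from the authenticated session."""
    reserved = {name.lower() for name in IDENTITY_HEADERS}
    out = {k: v for k, v in browser_headers.items() if k.lower() not in reserved}
    out["X-SSO-User"] = session["user"]
    out["X-SSO-Groups"] = ",".join(session["groups"])
    return out


def app_identity(peer_ip, headers):
    """Application side: read injected identity only when the TCP peer is the
    gateway; any other source is treated as unauthenticated."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_GATEWAYS):
        return None
    lowered = {k.lower(): v for k, v in headers.items()}
    user = lowered.get("x-sso-user")
    if not user:
        return None
    groups = [g for g in lowered.get("x-sso-groups", "").split(",") if g]
    return {"user": user, "groups": groups}


if __name__ == "__main__":
    forwarded = gateway_inject(BROWSER_HEADERS, SESSION)
    print(app_identity("10.0.0.2", forwarded))    # request relayed by the gateway
    print(app_identity("192.0.2.10", forwarded))  # same headers, direct connection
```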
15
User Authentication: Form Fill (Off-Shelf Systems). New System Login: Login __________ Password _____________
16
Application Authentication: Application Security. LDAP calls to eDirectory, Internal to Application. LDAP Search = WilsonED; Groups = DMS, NDS, SFTP, SSO
17
Application Authentication: Application Role Based Security In eDirectory. DS DS Executive DPS Officer Judicial Legislative Federal Municipality East Hartford ORI IAD CJIS COLLECT OBTS Dispatcher
18
In the Future: Content Management, Self Service