Presentation is loading. Please wait.

Presentation is loading. Please wait.

State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson.

Published byJaqueline Pilling Modified over 10 years ago

Similar presentations

Presentation on theme: "State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson."— Presentation transcript:

1 State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson

2 Enterprise Single Sign On User Provisioning User Authentication Application Authentication

3 What makes up SSO NOVELL Edirectory 8.8 Access Manager 3.1 Identity Manager 3.5 Nsure Audit 2.0 All running on SUSE LINUX 10 SP2

4 User Provisioning Identity Vault Active Directory LDIF or LDAP Bulk Load Data

5 State of Connecticut User Identity Vault In Edirectory DS Executive DPS Officer JudicialLegislativeFederalMunicipality East Hartford IAD CJIS COLLECT OBTS

6 How do they do That?  Standard Web based Access DNS WEB SITE URL  User Enters a URL (Uniform Resource Locator)  The local DNS Server resolves the URL to a IP Address  The Internal network directs the session to the Web Site

7 How do they do That?  Standard Web based Access DNS WEB SITE URL URL = http://www.ct.gov DNS > www.ct.gov=159.247.0.0 State of CT Web Site Displayed

8

9 How do we do That!  Single Sign On Web Access Via Reverse Proxy  URL = http://www.ct.govhttp://www.ct.gov  DNS > www.ct.gov = 159.247.0.0www.ct.gov  DNS > www.ct.gov = 159.247.X.Ywww.ct.gov  Access Gateway > www.ct.gov = 159.247.0.0

10

11 User Authentication  Single Sign On Web Access DNS Access Gateway Identity Server Index Server Access Gateway Web Server URL

12 Single Sign On User Authentication Web Browser Browser Header Record Outside Firewall Domain Name Server Access Gateway Identity Server Index Server Web Server

13 The approved methodology for passing User data to the application. Browser Header Injection The alternative method. User Authentication Form Fill (Off-Shelf Systems)

14 User Authentication Browser Header Injection ---------------------------------------- Headers received from browser for request '163' URL = /nesp/app/plogin?c=name/password/uri&%22http://csde.stag.ct.gov/ %22 ---------------------------------------- User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/pl ain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Host: csde.stag.ct.gov:80 Connection: Keep-Alive

15 User Authentication Form Fill (Off-Shelf Systems) New System Login Login __________ Password _____________

16 Application Authentication Application Security LDAP calls to Edirectory Internal to Application LDAP Search = WilsonED Groups = DMS, NDS, SFTP, SSO

17 Application Authentication Application Role Based Security In Edirectory DS DS Executive DPS Officer JudicialLegislativeFederalMunicipality East Hartford ORI IAD CJIS COLLECT OBTS Dispatcher

18 In the Future Content Management Self Service

Download ppt "State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Omni eControl. New Features in Version 2.x - Manage Mixed Networks: eDirectory, Active Directory, GroupWise, Exchange eControl Version 2.0 New Features.

Omni eControl. New Features in Version 2.x - Manage Mixed Networks: eDirectory, Active Directory, GroupWise, Exchange eControl Version 2.0 New Features.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Policing the Power of Identity Controls Power Behavior Verify that controls are in place and functioning Monitor user behavior and verify that people.

Policing the Power of Identity Controls Power Behavior Verify that controls are in place and functioning Monitor user behavior and verify that people.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Cross Site Request Forgery CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Cross Site Request Forgery CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.
Lesson 17 – UNDERSTANDING OTHER NETWARE SERVICES.

Lesson 17 – UNDERSTANDING OTHER NETWARE SERVICES.
The Internet 8th Edition Tutorial 1 Browser Basics.

The Internet 8th Edition Tutorial 1 Browser Basics.
Web Application Security 101 Steve Carter (special thanks to SPI Dynamics)

Web Application Security 101 Steve Carter (special thanks to SPI Dynamics)
UNIFORM RESOURCE LOCATOR (URL)

UNIFORM RESOURCE LOCATOR (URL)
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
August 25, 20151 SSO with Microsoft Active Directory Presented by: Craig Larrabee.

August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.

Similar presentations

Ads by Google