Presentation is loading. Please wait.

Presentation is loading. Please wait.

FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University

Published byLeslie Gilmore Modified over 9 years ago

Similar presentations

Presentation on theme: "FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University"— Presentation transcript:

1 FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University http://fsuid.fsu.edu/admin

2 The Problems (2003) Individuals have to remember too many different names and passwords to access our systems; accounts were created on different web pages With new PeopleSoft ERP, we wanted to avoid yet another username & password We have too many LDAP directories, with almost the same information in each (need to consolidate!) Many of our systems (electronic and in-person) still rely on asking an individual for their Social Security Number as a method for authentication

3 The SSN Problem SSN is used as a method for authenticating students and employees via web and in-person challenges Mandates to protect & hide SSN abound SSN is still required for certain business processes (HR, external identity of students to Feds, etc.)

4 The Proposal (2003) This proposal is an attempt to combine identity terms and solve the SSN/multiple identity problem Proposal: –FSUID = new public “login name”/password –FSUSN = new “SSN-like” private number –A combined directory will manage this information

5 The Identity Problem C.A.R.S. (”ldap1”) –All students, faculty & staff plus visitors –Tied into automated systems on campus, such as FSUCard, HRMS, etc. –Used for authorizing “garnet/mailer” email servers, dialup service

6 The Identity Problem C.A.R.S. (”ldap1”) –Blackboard authentication

7 The Identity Problem O.P.S. (Secure Login; ”ldap2”) –All students, faculty & staff plus visitors –Tied into automated systems on campus, such as FSUCard, HRMS, etc. –Used for authorizing many administrative applications (many, but not all of which, were replaced by PeopleSoft functionality)

8 The Identity Problem Web registration for classes (SSN)

9 The Identity Problem Administrative Email (“@admin.fsu.edu”) –Managed in the enterprise “FSU” Microsoft Active Directory (Outlook users) –Semi-manual account management –Mostly used by some ~6,000 administrative employees

10 The Identity Problem Netware Account –Provides authentication & file service –Manual account management –Mostly used by some ~6,000 administrative employees

11 The Identity Merger (2004)

12 https://fsuid.fsu.edu

13 FSUID Initial Signup

14

15

16

17

18

19

20

21 FSUID Helpdesk Utility

22

23 Behind the Scenes Novell eDirectory 8.7.3.6 –Five production RedHat servers –Two development RedHat servers Separate iPlanet LDAP strictly for public employee attributes and quick searches Multitude of Perl scripts updating attributes All LDAP over SSL (port 636)

24 eDirectory Ring (production) One master node Four R/W replicants R/Ws can happen anywhere eDir will sync values over time (up to 30 mins) Housed in different physical locations All LDAP-reachable

25 Schema & eDir Details Schema is EduPerson compliant (200312) ~150 FSU-specific attributes (“fsuEduXXXX”) Many attributes are indexed to increase performance Use proxy accounts and ACLs to limit view of attributes to specific applications Used Perl for rapid app development and ease of data sources (LDAP, flat files, Oracle, AD, iPlanet, DB2, etc.)

26 Example of FSU-specific attribute

27 LDAP clients using FSUID authentication Central Authentication Service (CAS) instance, connecting Blackboard & FSUID PeopleSoft instances Business Objects instance VPN Concentrators directly or via RADIUS; BlueSocket boxes for Wireless A&A Java properties for business applications UNIX hosts

28 Departmental Identity Management Number of departments now use FSUID- driven data to manage their student & employee accounts Mostly Active Directories with information “pushed” via LDAPS (account creation, directory attribute updating, password resets, etc.)

29

30 Good, Bad & the Ugly DirXML –Main reason decided to purchase eDir instead of using, say, iPlanet or OpenLDAP because of PeopleSoft integration piece (real time directory updates from HR) –We have not implemented this as yet, alas “ndsd” (eDir daemon) –Multi-threaded –memory problems (crashes); still not fully resolved eDir’s unencrypted “database”

31

32

33 What Next? Shorten up “hire/admit to login” time lag Rewrite FSUID web pages as native Blackboard Java/JSP pages Merge more FSU identities into the FSUID directory Push FSUSN usage across campus Manage more departmental identities Set up production Shibboleth using this directory

Download ppt "FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University"

Similar presentations

automated single login access to Novell storage resources

automated single login access to Novell storage resources
Implementing Tableau Server in an Enterprise Environment

Implementing Tableau Server in an Enterprise Environment
ADManager Plus Simplify Your Active Directory Management.

ADManager Plus Simplify Your Active Directory Management.
ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work.

ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
People Database project John Byrne. Project aims Improve current Computing Service resource management processes Provide a reference 'People Database'

People Database project John Byrne. Project aims Improve current Computing Service resource management processes Provide a reference 'People Database'
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.

Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.
Protecting Identities at FSU Principles of SSN replacement Jeff Bauer Florida State University

Protecting Identities at FSU Principles of SSN replacement Jeff Bauer Florida State University
Provisioning of Services Authentication Requirements David Henry Office of Information Technology University of Maryland

Provisioning of Services Authentication Requirements David Henry Office of Information Technology University of Maryland
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Email Infrastructure Mark Rosenberg UCCSC. UCCSC – August 9, 2005 What is LBNL? A Department of Energy National Laboratory, operated by the University.

Infrastructure Mark Rosenberg UCCSC. UCCSC – August 9, 2005 What is LBNL? A Department of Energy National Laboratory, operated by the University.
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
SIMI: ISO Perspective Al ISO CSU Northridge

SIMI: ISO Perspective Al ISO CSU Northridge
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.

Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.

Similar presentations

Ads by Google