Download presentation
Presentation is loading. Please wait.
1
Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database
2
Road Map Authentication/Security Overview Release 6 Authentication Options Custom Authentication Authentication Demos Review/Open Discussion
3
Authentication Concepts Ensures that you are who you say you are! Most schemes require the user to present a set of credentials In the form of a username/password, or others Referred to as End User Authentication (EUA)
4
EUA Options in Release 6
5
Blackboard Learning and Community Portal System™ (Release 6) offers several options “out of the box” solutions One option for all Vls Set in authentication. Properties (file)
6
EUA Options Blackboard Default (RDBMS) LDAP Webserver Delegation Passport Custom
7
Default Authentication (RDBMS) Standard with Blackboard Learning System™(Release 6) Form to enter in their user id and password
8
Default Authentication Customization Options –Users can customize login page via UI –Direct Portal Entry MD5 Passwords are stored in Bb Database Uses a challenge/response mechanism for increased security
9
Challenge/Response Mechanism Does not send the password over the network in “clear text” form Prevents “sniffing” of passwords
10
Challenge/Response Mechanism User Requests Login Page Server sends login page with Challenge User Enters Credentials; Credentials are submitted with Challenge and MD5 Encrypted Server receives credentials, uses challenge to compare the password with the MD5 password stored in the Bb5 database
11
EUA Option: LDAP Can configure to go against an external LDAP directory Standard Bb Login Screen Used Matches against the user id in the Blackboard database SSL enabling Blackboard strongly encouraged
12
EUA Option:Webserver Authenticates information based on the user passed via HTTP to the authentication module. Checks for the existence of the “remote-user” variable. User is reconciled with users already in the Bb Database (more on this later) Windows—Automatically installs an ISAPI filter to add this information based on the Windows Domain (Windows Integrated) UNIX—Add-ins for Apache are required
13
EUA Option: Passport Requires users to login using a Microsoft Passport Functionally similar to Webserver auth
14
User Reconciliation Options User is received from external system What to do if user is not found in system In Release 6: –Webserver and Passport
15
Reconciliation Process The Auth module receives the external credential –Windows Auth: Windows Domain/User ID (e.g. DC/tjoyce) –Passport: PUID (Passport Unique ID) The User Registry is searched for the external credential If found, then the user is authenticated
16
Reconciliation Process, Cont’d If user is not found, depends on user_account setting: –Reconcile: Present the user with a form –Create: Create the user based on external ID –Deny: Do not authenticate the user
17
User Option: Reconcile User is presented with a screen and prompted to enter in Bb Credentials MUST exist in the Blackboard database! The external user is associated with that Blackboard user
18
User Option: Create User is automatically created in the Blackboard database based on the external credential –Webserver: webserver-user-xxxx –Passport: passport-user-xxxx User or Admin can change personal info
19
User Option: Deny User not in User Registry = No access
20
Reconciliation Option Pitfalls Info is stored in the User Registry Not accessible by Snapshot or UI. Non-Public methods exist to get the data via the Java API May be addressed in 6.2
21
EUA Option: Custom Authentication API Java API is part of B2 program B2 Developers should use this for custom authentication modules
22
Authentication API (HttpAuthModule) void init(ConfigurationService cfg) boolean isAuthenticated(HttpServletRequest request) throws BbSecurityException; String doAuthenticate(HttpServletRequest request, HttpServletResponse response) void doLogout(HttpServletRequest request, HttpServletResponse response) void requestAuthenticate(HttpServletRequest request, HttpServletResponse response) public String getAuthType(); public String[] getPropKeys(); public void setConfig( HttpAuthConfig config );
23
API Details void init(ConfigurationService cfg) –Called upon Tomcat initialization public String getAuthType(); –Must return a String (i.e., “customauth”) public String[] getPropKeys(); –Return an array of properties for this authentication –At a minimum, “impl” should be returned here to specify the class name of the custom module
24
API Details (cont’d) public void setConfig( HttpAuthConfig config ); –Handle to the configuration properties for the autentication void requestAuthenticate (HttpServletRequest request, HttpServletResponse response) –Called when Blackboard requires authentication –Can set this to a web page, login form, or do nothing.
25
API Details (cont’d) String doAuthenticate (HttpServletRequest request, HttpServletResponse response) –Does the implementation-specific work of authenticating the user –Return the user id if successful, null if not (can also throw a BbSecurityException)
26
API Details (cont’d) boolean isAuthenticated (HttpServletRequest request) throws BbSecurityException; –This is deprecated; can return true here Caveat: As of 6.0.10, you MUST subclass BaseAuthenticationModule! –This has been identified as a bug and will be fixed in a future release
27
Authentication Configuration 2 Files: –bb-config.properties –authentication.properties Run PushConfigUpdates after changing any values Load Balanced Systems
28
Config File: bb-config.properties bbconfig.auth.type= –rdbms, ldap, webserver, passport, or “custom”
29
Config File: authentication.properties Entries in the form: –auth.type.. = Example: –auth.type.rdbms.use_challenge=true –auth.type.ldap.error_fallback_to_bb=false
30
Demo: Custom Auth Code CustomAuthModule.java –Implement HttpAuthModule.java –MUST subclass BaseAuthenticationModule (this is a bug) –Build jar, move jar to Tomcat lib/apps (windows) –Edit authentication.properties, bb- config.properties –Restart Tomcat
31
Summary Several Different Authentication Options are available for Release 6 B2 Developers can develop Custom Authentication modules Numerous Possibilities exist for custom authentication modules (SSO, Kerberos, etc.)
32
Q&A/Open Discussion Tom Joyce, Product Manager, Platform, Architecture and Database BBDN
33
Thank You Demos to Follow >
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.