
CASE STUDY: UNIVERSITY OF CALIFORNIA, DAVIS. UNIVERSITY OF CALIFORNIA, DAVIS Implemented Rice 1.0.0 in October 2009 Integrated home-grown Faculty Merit.


1 CASE STUDY: UNIVERSITY OF CALIFORNIA, DAVIS

2 UNIVERSITY OF CALIFORNIA, DAVIS
- Implemented Rice 1.0.0 in October 2009
- Integrated home-grown Faculty Merit & Promotion system in February 2010
- Upgraded to Rice 1.0.3.1 in August 2010
- Integrated Kuali Financial System – phased implementation – August 2010

3 UCD KIM IMPLEMENTATION
- UC Davis has a homegrown aggregation system that pushes identity data into LDAP
- Identity Service is integrated with LDAP
  - Makes calls to LDAP Service library which returns DTOs representing objects in any of three directories
  - “Parses” the DTOs to build Entity and Principal objects [ getEntityInfo(), getPrincipalInfo(), etc. ]
- Authentication is configured for CAS
- KIM is the system of record for Roles, Groups, Permissions, and Responsibilities

4 IDENTITY DATA MAPPING
- Entity ID: Universal User ID in LDAP
- Principal IDs
  - User Account IDs from account provisioning system exposed in LDAP
  - System generated
- Principal Names
  - Kerberos Login IDs from account provisioning system exposed in LDAP
  - User defined
- Principal Names can change over time, but Principal IDs do not

5 FUTURE PLANS
- Upgrade to Rice 2.x – 2012
- Kuali Financial System – full implementation – 2012
- Kuali Coeus – 2012
- Integrate KIM with Sun Identity Manager / Sun Role Manager
  - Identity
  - Roles
  - Groups (possibly leverage Grouper & Sun products)
  - Permissions & Responsibilities (maybe)

6 CASE STUDY: THE UNIVERSITY OF ARIZONA

7 THE UNIVERSITY OF ARIZONA
- Working on a KFS implementation
- UA netid is used for authentication
- Identity information is available in UA’s Enterprise Directory Service (EDS)
- Connect to EDS using Spring LDAP and overriding the KIM IdentityService
- In order to use the KIM GUIs properly, the UIDocumentService is also overridden

8 KIM WITH LDAP
- Identity information is available in UA’s Enterprise Directory Service (EDS)
- Uses Spring LDAP as an adapter layer between Spring and LDAP datasource
- Uses KIM ParameterService to map between KIM and LDAP attributes
- Implement / Override KIM IdentityService
- In order to use the KIM GUIs properly, the UIDocumentService is also overridden

9 KIM WITH LDAP
Setup Spring LDAP module
<bean id="contextSource" …
<bean id="authenticationSource" …
<bean id="springSecurityAuthenticationSource" …
<bean id="ldapTemplate" …

10 KIM WITH LDAP
- The Spring LDAP integration and Kuali Rice ParameterService are injected into the EdsPrincipalDaoImpl instance.
  <bean id="edsPrincipalDao" class="edu.arizona.kim.dataaccess.impl.EdsPrincipalDaoImpl">
- The EdsPrincipalDaoImpl is an implementation of PrincipalDao which connects to EDS and maps the principal and entity information into KIM domain objects.

11 SPRING CONFIGURATION EXAMPLE …

12 FIELD MAPPING PARAMETER
entityId=uaid; principalId=uaid; principalName=uid; givenName=sn; principals.active=eduPersonAffiliation; lastName=sn; firstName=givenName; employmentInformation.employeeStatus=uwRegid.*; employmentInformation.employeeId=uwEmployeeID; names.lastName=sn; names.firstName=uwPersonRegisteredFirstMiddle

13 VALUE MAPPING PARAMETER
principals.active.Y=staff,faculty,employee; principals.active.N=student,alum,affiliate;
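
How the field mapping (slide 12) and value mapping (slide 13) parameters can be applied to a directory entry. This is an added example, not code from the presentation or from the University of Arizona: it uses plain Java maps in place of Spring LDAP and the KIM ParameterService, takes a subset of the mapping strings from the slides, and runs on constructed sample entries. The rule that any affiliation on the Y list makes the principal active, and that unmapped or missing affiliations resolve to N, is an assumption of this example.

```java
import java.util.*;

public class EdsMappingExample {
    // Parse "key=value; key=value;" parameter text into an ordered map.
    static Map<String, String> parse(String param) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : param.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0) out.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return out;
    }

    // Assumption: "Y" if any affiliation is on the Y list; unmapped or missing
    // values yield "N", so an unknown affiliation never activates a principal.
    static String activeFlag(Map<String, String> values, List<String> affiliations) {
        List<String> yes = Arrays.asList(values.getOrDefault("principals.active.Y", "").split(","));
        for (String a : affiliations) {
            if (!a.isBlank() && yes.contains(a.trim())) return "Y";
        }
        return "N";
    }

    // Translate one directory entry (attribute name -> values) into KIM field values.
    static Map<String, String> toKim(Map<String, String> fields, Map<String, String> values,
                                     Map<String, List<String>> entry) {
        Map<String, String> kim = new LinkedHashMap<>();
        for (Map.Entry<String, String> f : fields.entrySet()) {
            List<String> raw = entry.getOrDefault(f.getValue(), List.of());
            if (f.getKey().equals("principals.active")) kim.put(f.getKey(), activeFlag(values, raw));
            else if (!raw.isEmpty()) kim.put(f.getKey(), raw.get(0)); // single-valued attribute
        }
        return kim;
    }

    public static void main(String[] args) {
        Map<String, String> fields = parse("entityId=uaid; principalId=uaid; principalName=uid; "
            + "principals.active=eduPersonAffiliation; lastName=sn; firstName=givenName;");
        Map<String, String> values = parse("principals.active.Y=staff,faculty,employee; "
            + "principals.active.N=student,alum,affiliate;");
        // Constructed sample entries, not real directory data.
        Map<String, List<String>> staff = Map.of("uaid", List.of("100200300"), "uid", List.of("jdoe"),
            "sn", List.of("Doe"), "givenName", List.of("Jane"),
            "eduPersonAffiliation", List.of("student", "staff"));
        Map<String, List<String>> guest = Map.of("uaid", List.of("100200301"),
            "eduPersonAffiliation", List.of("member"));
        System.out.println(toKim(fields, values, staff));
        System.out.println(toKim(fields, values, guest));
    }
}
```

The second entry carries an affiliation that appears on neither list, which is the case worth testing in any real mapping: the example resolves it to inactive rather than leaving the flag unset.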

14 KIM WITH LDAP
Rice ParameterService maps EDS attributes to KIM

| KIM Class | Attribute Name | EDS Attribute Name |
| KimPrincipalInfo | principalId | uaid |
| KimPrincipalInfo | entityId | uaid |
| KimPrincipalInfo | principalName | uid |
| KimEntityNameInfo | lastName | sn |
| KimEntityNameInfo | firstName | givenName |
| KimEntityEmployementInformationInfo | employeeId | |
| KimEntityEmployementInformationInfo | email | employeeEmail |
…

15 KIM WITH LDAP
Implement and Override KIM Services
- kimIdentityService
  - getPrincipal()
  - getPrincipalByPrincipalName()
  - lookupEntities()
  - getEntityDefaultInfo()
  - …
- UiDocumentService
  - loadEntityToPersonDoc()
  - saveEntityPerson()

16 CASE STUDY: UNIVERSITY OF WASHINGTON

17 THE UNIVERSITY OF WASHINGTON
- Integration with .NET
- Completed a proof of concept
- Future plans for Rice, KFS, Kuali Student
- Existing Homegrown systems
- Several integration points

18 THE UNIVERSITY OF WASHINGTON
- LDAP integration
- KIM integration with home-grown system
- Hybrid solution
- Secure web services
- Source control and build process

19 THE UNIVERSITY OF WASHINGTON
[Architecture diagram. Labels: Kuali App Server; Astra; LDAP; UW Org WS; SAGE; UW Security Handler; UW Entity Service; UW KIM Group Service; UW KIM Role Service; KIM RoleType Service; UW Workflow Service; SAGE Post Processor; Kuali Rice Portal UI; Business Users; End Users; Devs]

20 LDAP INTEGRATION Spring LDAP & Spring Security Modules Encryption Configuration Spring System parameters Mapping

21 ROLES AND GROUPS INTEGRATION
- JAX-WS used to generate Java classes
- Roles
  - Mapped directly to ASTRA roles using convention
  - ASTRA “span of control” mapped to KIM qualifiers
- Groups
  - Mapped to specific roles within ASTRA

22 WORKFLOW INTEGRATION
- SimpleDocumentService
  - Routing calls (create, route, approve, etc)
- Post Processor
  - Callbacks through web services
  - Notification to external system
  - Route status changes (saved, initiated, enroute, final, etc)
  - Route node changes (who has responsibility now)
  - Qualifiers

23 OUTCOME AND FUTURE PLANS
- Highly functional
- All major integration points completed
- Code contributions
- Team confidence
- What’s Next?

