Published by Marion Edwards. Modified over 9 years ago.
1
SSL, Single Sign On, and External Authentication
Presented by Jeff Kelley
April 12, 2005
2
Opening Slide
Session Objectives:
– Understand the Blackboard Academic Suite™ security and permissions architecture
– Review options available
Innovation
– Discover opportunities
Results/Outcomes
– Improve service to users
– Reduce support costs
3
Agenda
Authorization
Session Management
Authentication
– Configuration Options
– Single Log-in
– Single Sign-on
[Diagram labels: Authorization, Session Management, Authentication, User Identity, Resources]
4
Authorization Self Contained in Blackboard® GUI Configuration Allows the user to perform sets of actions Software driven Authorization Blackboard Database Blackboard Database User ID ??? Who are you? What do you want? Permission to see it. Permission to do it.
5
System Privileges
course.images.MODIFY
course.settings.MODIFY
course-catalog.CREATE
course-catalog.DELETE
course-catalog.MODIFY
course-catalog.settings.MODIFY
course-categories.VIEW
discussion-board.CREATE
discussion-board.DELETE
discussion-board.MODIFY
discussion-board.VIEW
email-all-instructors.EXECUTE
email-all-students.EXECUTE
email-all-users.EXECUTE
email-support.MODIFY
6
Authorization and Session Management
Session Manager maintains ID
Authorization requests ID
[Diagram labels: Authorization, Session Management, Who are you?, User ID]
7
Blackboard Session Management Session Launch Session Cookie/Table Timeout Stateful Session Management Cookie Session ID User ID Blackboard User ID
8
Sessions Across Servers Session Affinity Cookie-based Session Cache Load Balancer App1 File Server App2 App3 Database
9
Authentication
Who are you?
– How do we get the user ID?
Can we trust you?
– How do we secure the process?
[Diagram labels: User_ID, Session Management]
10
Basic Workflow Authorization Session Management Authentication
11
Authentication Options Default Single Log-in –LDAP Single Sign-On –Web Server Delegation Windows (IIS) UNIX (Apache) Shibboleth –Custom Pass-Through Authentication
12
Default Blackboard Authentication
Uses a Challenge/Response Mechanism
Does not send the password over the network in “clear text” form
Does not store passwords in “clear text”
Authentication Properties = RDBMS
13
Challenge/Response Mechanism
User Requests Login Page
Server sends login page with Challenge
User Enters Credentials; Credentials are submitted with Challenge and MD5 Encrypted
Server receives credentials, uses challenge to compare the password with the MD5 password stored in the Bb database
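The exchange on this slide, as an added sketch that is not Blackboard's code: the slide does not give the exact formula, so the response construction MD5(MD5(password) + challenge), the single-use challenge set, and all names here are assumptions.

```python
import hashlib
import hmac
import secrets

def md5_hex(text: str) -> str:
    # MD5 is a one-way hash, not encryption; used only because the slide names it.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def client_response(password: str, challenge: str) -> str:
    # Assumed construction: hash the password, then hash that with the challenge.
    return md5_hex(md5_hex(password) + challenge)

class LoginServer:
    def __init__(self) -> None:
        self.stored = {}       # username -> MD5(password); no clear-text password kept
        self.pending = set()   # challenges issued and not yet used

    def register(self, username: str, password: str) -> None:
        self.stored[username] = md5_hex(password)

    def issue_challenge(self) -> str:
        # Sent with the login page; random so a response cannot be precomputed.
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def verify(self, username: str, challenge: str, response: str) -> bool:
        # Each challenge is accepted once, so a captured response cannot be replayed.
        if challenge not in self.pending:
            return False
        self.pending.discard(challenge)
        stored = self.stored.get(username)
        if stored is None:
            return False
        expected = md5_hex(stored + challenge)
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    server = LoginServer()
    server.register("jdoe", "Constructed-Sample-Pw1")  # constructed sample account
    c1 = server.issue_challenge()
    r1 = client_response("Constructed-Sample-Pw1", c1)
    c2 = server.issue_challenge()
    return {
        "valid_login": server.verify("jdoe", c1, r1),
        "replayed_response": server.verify("jdoe", c1, r1),
        "old_response_new_challenge": server.verify("jdoe", c2, r1),
    }
```

In this construction the stored MD5 digest is itself the secret the response is built from, so the database value needs the same protection as a password.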
14
Single Log-In
One Username and Password pair for multiple Applications
[Diagram labels: Application1, Application2, Application3, username & password, Directory Service]
15
Blackboard LDAP Authentication
Configuration setting “plugs” Blackboard into existing infrastructure and enables Single Login
Provides for multiple directories and fallback for Blackboard only users
LDAP v2, but…
16
Blackboard Directory Service HTTPS LDAP(S) username & password YES or NO Directory Service LDAP Authentication Security Configuration Fallback
17
Single Sign-On
One Username and Password submission for all applications
[Diagram labels: Authentication Service/Gateway, Directory Service, Application1, Application2, Application3, username & password]
18
Web Server Delegation
Types
– Apache Mods
– IIS/Active Directory
– Custom
Reconcile, Create or Deny
User Registry or Batch_UID
19
Web Server Delegation Blackboard Web Server User ID Session Management Authentication Remote_User
20
Authentication Service/Gateway Authentication Service/Gateway Institutional Single Sign-On Application1 Application3 Application2 WebServer Web Initial Sign-On
21
Pass Through Authentication
Context
– /webapps/blackboard/launch_external.jsp
– Context Encryption
[Diagram labels: Application 1, Application 2, Authentication, Session Mngr, Handler, Blackboard, User ID]
22
Log Out
No workflow is complete without the LOG OUT procedures
Review Use Cases!!
Check sessions of all applications
[Diagram labels: Application1, Application2, Application3]
23
Closing Slide
Innovating Together in ‘05:
– Authorization, Session Management, Authentication
– Authentication methods
Resources Available:
– Blackboard Authentication Manual
– Blackboard Administrators Manual
– Web Initial Sign-on (http://middleware.internet2.edu/webiso/)
Follow up Contact(s):
– Jeff Kelley, Solutions Engineer jkelley@blackboard.com
IF YOU ONLY REMEMBER 1 THING:
– Don’t forget to log out!