Presentation is loading. Please wait.

Presentation is loading. Please wait.

Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner.

Published byRalph Allison Modified over 9 years ago

Similar presentations

Presentation on theme: "Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner."— Presentation transcript:

1 Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner

2 Overview  Interfacing with an Existing Enterprise Infrastructure  Modifying Existing Applications  Future Directions

3 Pre-requisites  Requirements: Need a central, authoritative person directory Follow eduPerson, LDAP Recipe & other NMI standards/practices Directory is used for enterprise authentication (password assignment & resets)

4 Interfacing with Enterprise Authentication  Pubcookie supports LDAP, Kerberos or UNIX style authentication  At UAB, authenticate off of central username/password (“BlazerID”) via LDAP  Password is protected Type username/password into web browser Passed to Pubcookie Login server over SSL Use secure backchannel such as ldaps:// to directory

5 Outcome  Initial sign-on once a day allows access to all pubcookie-protected campus web sites without logging in again

6 Using Pubcookie  Install a pubcookie Apache or IIS module on each web server to be protected  Put protected information in a directory protected by this module  User’s attempts to access the URL  Pubcookie redirects them to login if they haven’t yet today; otherwise cookie credential is checked

7 Uses for Pubcookie  UAB has used Pubcookie for: Distributing software to members of the UAB community

8 Pubcookie Limitations  All authenticated users are equal; useful for resources available to entire campus only Library materials Licensed software  Usually, the target population is smaller Students in a particular school or class Faculty, staff, students in School of Engineering

9 Modifying Existing Applications  The Problem Many Web Applications create their own authentication system So, the user needs a username/password for each application  The Solution Pubcookie-enable those applications to use centralized username/password

10 Modifying Existing Applications  We Pubcookie-enabled two open source applications Bugzilla (Written in Perl) PHPWebsite (Written in PHP)  Similar changes were required for both applications

11 Modifications  Remove old user login/password web form Instead, Pubcookie authenticates the user Authenticated users can proceed if they also have a Bugzilla or PHPwebsite account  Change behavior of “Log Out” and “Change Password” pages

12 Future Directions  Modifying Pubcookie to support Client- Side SSL Certificates Enables authentication of users without a user remembering username/password  Modifying Pubcookie to support PAM for the authentication mechanism PAM is a standard system for flexibly using a large number of authentication systems.

13 Resources  Linux implementation of PAM www.kernel.org/pub/linux/libs/pam/ www.kernel.org/pub/linux/libs/pam/  Bugzilla www.bugzilla.orgwww.bugzilla.org  PHPWebsite http://phpwebsite.appstate.edu/

14 Academic Computing  David L. Shealy  Jill Gemmill  John-Paul Robinson  Jason Lynn  Kenn McCracken  Zach Garner  Ramesh Puljala  Rajani Sadasivam  Aditya Srinivasan

Download ppt "Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner."

Similar presentations

automated single login access to Novell storage resources

automated single login access to Novell storage resources
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
19 July 2005UAB-IBM Life Sciences Mtg, Hawthorne Center UAB IT Academic Computing David L Shealy, Director Jill Gemmill, Asst. Director John-Paul Robinson,

19 July 2005UAB-IBM Life Sciences Mtg, Hawthorne Center UAB IT Academic Computing David L Shealy, Director Jill Gemmill, Asst. Director John-Paul Robinson,
UAB NMI Testbed Program: Integrated Directory Services  Grid Computing UAB Middleware Team.

UAB NMI Testbed Program: Integrated Directory Services  Grid Computing UAB Middleware Team.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,

GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Presented by: Mark Hendricks

Presented by: Mark Hendricks
UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies

UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies
UPortal Authentication Options: Design and Application Shawn Bayern Research programmer, Yale University Author, Web Development with JavaServer Pages.

UPortal Authentication Options: Design and Application Shawn Bayern Research programmer, Yale University Author, Web Development with JavaServer Pages.
UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.

UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.
IS 118 Introduction to Development Tools Week 1. Things to Cover UCID WebCT AFS Visual Basic.net Running PHP.

IS 118 Introduction to Development Tools Week 1. Things to Cover UCID WebCT AFS Visual Basic.net Running PHP.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Similar presentations

Ads by Google