
THE COLLEGE OF WILLIAM AND MARY PORTAL2006

Andrew Bauserman, wabaus@wm.edu

Scott Hayes, jshaye@wm.edu

Putting All the Eggs in One Basket

Using CPIP for integration of Luminis SSO with external web services

INFORMATION TECHNOLOGY THE COLLEGE OF WILLIAM AND MARY PORTAL2006

Putting All the Eggs in One Basket

Prediction is especially difficult. Especially about the future.

Niels Bohr


Putting All the Eggs in One Basket

My agenda was hidden well. Now I don't know where I left it.

(Chagall Guevara, "Escher's World")


Putting All the Eggs in One Basket: Overview

- All the Eggs
- One Basket
- Mitigating Risk
- Portal Infrastructure
- Putting the Eggs in the Basket
- Single Sign-on
- CPIP Integration
- Network Infrastructure
- Sorting the Eggs
- Implementation
- Difficult Web Services
- Security Concerns


Putting All the Eggs in One Basket

An ordinary genius is a fellow whom you and I would be just as good as, if we were only many times better. There is no mystery as to how his mind works. Once we understand what they've done, we feel certain that we, too, could have done it. It is different with the magicians. Even after we understand what they have done it is completely dark.

(Mark Kac)


All the Eggs: Portal as Gateway to Everything

The authoritative source for information and services:

- Course Registration, Course Evals, Grades (Banner)
- Admission, Financial Aid, HR, Payroll (Banner)
- Facilities Management, Other Admin Apps
- Course Management System (Blackboard)
- Announcements and News (RSS)
- Webmail
- Calendars
- Discussion Boards
- Auxiliaries (Bookstore, Express Card, Copy Center)
- Blogs, Wikis, and other Cool Things


Putting All the Eggs in One Basket

One Ring to Rule them all...

(Tolkien)


One Basket: The Dangers of Success...

Don’t hatchet your counts before they chicken.

Portal Timeout
- How do external systems open?
  - Within the Portal (frameset)
  - In another window?
- The Portal times out while you’re taking a Blackboard test
- Keep-alive polling

Portal Logout
- Are other services open after the portal closes?
- If the Webmail tab is open when I hit logout on the Portal...

Public Access Terminals
- Closing the browser session


One Basket


Putting All the Eggs in One Basket

...and in the darkness bind them.

(Tolkien)


One Basket: Careful What You Wish...

The authoritative source for information and services

The Portal is Down
- Scheduled Maintenance
  - Upgrades and patches
- “Unscheduled” Maintenance
  - Server goes down
  - Portal goes down
  - CPIP cannot connect

Now what?


Putting All the Eggs in One Basket

In theory there is no difference between theory and practice. In practice there is.

(Yogi Berra)


Mitigating Risk

- Know When the System is Down
  - Monitor, Poll, Alert
- Present Users with Options
  - Outage Page
- Have some tricks
  - Alternate Login Mechanism


Putting All the Eggs in One Basket

My own strategy is to find a car, or the nearest equivalent, which looks as if it knows where it is going and follow it. I rarely end up where I was intending to go, but often I end up somewhere that I needed to be.

(Dirk Gently's Holistic Detective Agency)


Portal Infrastructure: Basics of our “Outages” System

Cisco Content Services Switch (CSS)
- SSL management
- Port-level forwarding
- Load balancing
- Failover
- Redirect on full failure

Outages server
- Just a plain LAMP (or Solaris-Apache) server
- Create a page, directory, or vHost for each service


Putting All the Eggs in One Basket

I love it when a plan comes together!

(Hannibal, The A-Team)


Putting the Eggs in the Basket


Putting All the Eggs in One Basket

Who did you say you were, little fellow? Mister, I am the Lorax. I speak for the trees.

(Dr. Seuss)

Who are you and how did you get in here? I'm a locksmith. And, I'm a locksmith.

(Police Squad)

Who are you? No one of consequence.

(The Princess Bride)


Single Sign-on: Methods for Handoffs

Several ways of getting external services to the user:

- Basic Links
- Links with simple identifiers
- Secure Single Sign-on (SSSO) via CPIP
- SSSO + Unique “Random” Handoff Identifier
- SSSO + Post-Handoff Sign-on


Putting All the Eggs in One Basket

Fact is there's nothin' out there you can't do. Yeah, even Santa Claus believes in you.

(The Muppet Movie, "Can You Picture That?")


CPIP Integration


Putting All the Eggs in One Basket

If we are wise, what is born of that pain matures into the promise of a better world,

because we learn that we can no longer afford the mistakes of the past.

(G'Kar in Babylon 5: "In the Beginning")


Network Infrastructure: Server-to-Server Communications

Are communications really from the portal?
- Restrict by IP Address
- Communications Limited to a Private Subnet

Are handoff communications secure from interception?
- Tunnel via SSL
  - FYI: GET and POST variables are encrypted via SSL
- Communicate over a Private Subnet
  - Possibly without SSL? Analyze the Risks...
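The "really from the portal?" check above, written out as an added example. This is not code from the deck or from Luminis; the addresses are constructed placeholders (not W&M's network), and the function and constant names are assumptions. It applies both slide points: the peer address must be the named Luminis host or fall inside the private back-end subnet, and SSL is required unless the risk analysis has explicitly cleared plaintext on that subnet.

```python
import ipaddress

# Assumed deployment (constructed placeholder addresses, not W&M's network):
# back-end traffic arrives either from one named Luminis host or from
# anywhere on a private subnet reserved for server-to-server calls.
TRUSTED_PORTAL_HOSTS = {ipaddress.ip_address("10.20.30.5")}
TRUSTED_PORTAL_NETWORKS = [ipaddress.ip_network("10.20.30.0/24")]

# The slide asks "possibly without SSL?" on the private subnet. The default
# here is to require SSL everywhere; flip this only after the risk analysis.
ALLOW_PLAINTEXT_ON_PRIVATE_SUBNET = False


def accept_backend_request(peer_addr, scheme):
    """Decide whether an incoming CPIP back-end request may be processed.

    peer_addr: the TCP peer address as this server sees it. Do not substitute
               a client-supplied header such as X-Forwarded-For here; anyone
               can write that header.
    scheme:    "https" or "http" for the connection the request arrived on.
    Returns (accepted, reason).
    """
    try:
        peer = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False, "peer address is not a valid IP address"

    on_private_subnet = any(peer in net for net in TRUSTED_PORTAL_NETWORKS)
    if peer not in TRUSTED_PORTAL_HOSTS and not on_private_subnet:
        return False, f"{peer} is not a known portal address"

    if scheme != "https" and not (on_private_subnet and ALLOW_PLAINTEXT_ON_PRIVATE_SUBNET):
        return False, "back-end handoff must be tunnelled over SSL"

    return True, "ok"


if __name__ == "__main__":
    for addr, scheme in [("10.20.30.5", "https"), ("10.20.30.77", "http"),
                         ("203.0.113.9", "https"), ("not-an-ip", "https")]:
        print(addr, scheme, accept_backend_request(addr, scheme))
```

One caveat that follows from the infrastructure slide: the peer address is only meaningful if the CSS forwards at port level so the external service sees the real source. If the path were ever changed so that the CSS proxies the connection, every request would appear to come from the CSS and the address check would have to move there instead.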


Putting All the Eggs in One Basket

"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong, it usually turns out to be impossible to get at or repair."

(Douglas Adams)


Sorting the Eggs


Putting All the Eggs in One Basket

The first 90% of the code accounts for the first 90% of the development time

The remaining 10% of the code accounts for the other 90% of the development time.

(Tom Cargill)


Implementation: The Easy Part

The Campus Pipeline Integration Protocol

Coding the CPIP Connector
- Get a copy of “Campus Pipeline Integration Protocol”
- Visit LumDevNet for more samples and help
- For assistance translating to Perl or PHP, contact Andrew or Scott and we’ll try to help

The CPIP Actions (Coordinated Session Management)
- getConfig
- authenticate
- deauthenticate
- lastactive
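The four action names above are what coordinated session management consists of, and they are also the answer to the "Portal Timeout" and "Portal Logout" worries from the One Basket slide. The following is an added illustration, not code from the deck, from Luminis, or from the CPIP specification, and it does not model the CPIP wire format (the real protocol's XML messages are not shown); the class and method names and the 15-minute idle limit are assumptions. The point it makes is that the external service must enforce the idle timeout itself, because a portal that has crashed or lost connectivity ("CPIP cannot connect") will never send deauthenticate.

```python
import time

# Assumed idle limit; in practice match it to the portal's own session timeout.
IDLE_TIMEOUT_SECONDS = 15 * 60


class CoordinatedSessions:
    """Session registry on the external service, driven by the four actions.

    Hypothetical method names mirror the slide's action names; the real CPIP
    message format is not modelled here.
    """

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so the demo is deterministic
        self._sessions = {}          # portal session id -> {"user", "last_active"}

    def get_config(self):
        # getConfig: tell the portal what this service supports
        return {"idleTimeoutSeconds": IDLE_TIMEOUT_SECONDS,
                "actions": ["authenticate", "deauthenticate", "lastactive"]}

    def authenticate(self, portal_session_id, username):
        # authenticate: the portal reports that this user now has a live session
        now = self._clock()
        self._sessions[portal_session_id] = {"user": username, "last_active": now}
        return True

    def last_active(self, portal_session_id):
        # lastactive: keep-alive relayed from the portal; unknown sessions are refused
        record = self._sessions.get(portal_session_id)
        if record is None:
            return False
        record["last_active"] = self._clock()
        return True

    def deauthenticate(self, portal_session_id):
        # deauthenticate: portal logout; the loosely coupled session dies with it
        return self._sessions.pop(portal_session_id, None) is not None

    def is_active(self, portal_session_id):
        # Called on every request to the external service. The timeout is
        # enforced here, because a crashed or unreachable portal never sends
        # deauthenticate (the "CPIP cannot connect" case).
        record = self._sessions.get(portal_session_id)
        if record is None:
            return False
        if self._clock() - record["last_active"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[portal_session_id]
            return False
        return True


def demo():
    """Two sessions; only one sends keep-alives, then the portal logs it out."""
    now = [1000.0]                                   # fake clock (constructed)
    svc = CoordinatedSessions(clock=lambda: now[0])
    svc.authenticate("sid-A", "student1")
    svc.authenticate("sid-B", "student2")
    now[0] += 10 * 60
    svc.last_active("sid-A")                         # only sid-A is still being used
    now[0] += 10 * 60                                # 20 min since sid-B's last activity
    still_a = svc.is_active("sid-A")                 # True: last activity 10 min ago
    still_b = svc.is_active("sid-B")                 # False: idle past the limit
    logged_out = svc.deauthenticate("sid-A")         # portal logout propagates
    after = svc.is_active("sid-A")                   # False
    return still_a, still_b, logged_out, after


if __name__ == "__main__":
    print(demo())
```

The keep-alive polling mentioned on the One Basket slide maps onto lastactive: while the user is inside a Blackboard test, the polling keeps the portal session fresh, and the portal relays that freshness to the external side rather than letting either one time out independently.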


Putting All the Eggs in One Basket

[Y]ou've got it backwards. It's not death you have to be afraid of, that's the easy part. It's life that you have to worry about.

(La Femme Nikita)


Implementation: The Hard Part

The front-end handoff page: Hacking the External Server’s Login Process

What happens when you log in “normally” to the system?
- sets a Cookie
- creates a Session
- makes an entry in a database sessions table
- other (dark?) processes

Receiving the handoff
- apply the same procedures that the “real” login system does
- make the handoff token non-reusable
- direct the user to the external system’s main post-login page


Putting All the Eggs in One Basket

I have tricks in my pocket, and I have things up my sleeve, but I am the opposite of a stage magician. He gives you illusion that has the appearance of truth. I give you truth in the pleasant disguise of illusion.

(Tennessee Williams, The Glass Menagerie)


Difficult Web Services: The Even Harder Part

Dealing with “Closed” Systems
- Closed Systems: Proprietary, Contract, Oft-Updated, etc.
- Cannot figure out (or gain access to) the things that happen during a “normal” login process

Hacking the “Closed” system
- Make a generic jumping-off SSSO service with CPIP
- Take the handoff, then do something MORE
  - Option A: Use an API to handoff using some other protocol, shared secret, or form of trust (AlcoholEdu)
  - Option B: Create accounts in the external system with “random” passwords and then log the user in via a 2-click process (Copy Center)


Putting All the Eggs in One Basket

We will burn that bridge when we come to it.

(Johann Wolfgang von Goethe)


Security Concerns: A Few Points of Weakness

During CPIP Back-end Handoff
- Only accept CPIP from known Luminis IP address?
- Is traffic secure (encrypted or on private subnet)?

During Front-end Handoff
- Is traffic secure (over SSL)?
- Does the token expire if not used?

After Front-end Handoff
- Is the token re-usable?

After Portal Logout
- Are loosely coupled systems still logged in?

External “Hacked” Closed System
- Is the password algorithm still a secret?
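The "Receiving the handoff" steps under Implementation: The Hard Part and the two front-end token questions in this list (does the token expire if not used? is it re-usable?) are served by one added example. This is not code from the deck or from Luminis/CPIP; HandoffBroker and its method names, the 60-second lifetime, and the sample usernames are constructed. The token is random and bound to a username on the server at issue time, is removed from the pending table the moment it is presented (so a replay finds nothing), and is refused if it sat unused past its lifetime; a successful redeem then performs the same step the real login would, here modelled as creating a session record.

```python
import secrets
import time

HANDOFF_TTL_SECONDS = 60   # assumed: a token not redeemed within a minute is dead


class HandoffBroker:
    """Issues and redeems one-time handoff tokens (hypothetical names).

    issue() runs on the back end when the portal asks for a handoff; redeem()
    runs when the user's browser presents the token on the front-end handoff
    page. The username is bound server-side at issue time, so nothing the
    browser sends decides who gets logged in.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}       # token -> (username, issued_at)
        self.sessions = {}       # session id -> username; stands in for the
                                 # cookie/session/DB row the real login creates

    def issue(self, username):
        token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        self._pending[token] = (username, self._clock())
        return token

    def redeem(self, token):
        """Return a new session id, or None for an unknown, replayed or expired token."""
        entry = self._pending.pop(token, None)   # pop: a second redeem finds nothing
        if entry is None:
            return None
        username, issued_at = entry
        if self._clock() - issued_at > HANDOFF_TTL_SECONDS:
            return None                           # expired; already removed by pop
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = username      # same step as the real login
        return session_id

    def purge_expired(self):
        """Housekeeping so tokens that were never redeemed do not pile up."""
        now = self._clock()
        stale = [t for t, (_, issued) in self._pending.items()
                 if now - issued > HANDOFF_TTL_SECONDS]
        for t in stale:
            del self._pending[t]
        return len(stale)


def demo():
    now = [0.0]                                # fake clock (constructed)
    broker = HandoffBroker(clock=lambda: now[0])
    tok = broker.issue("student1")
    first = broker.redeem(tok)             # valid: session created
    replay = broker.redeem(tok)            # same token again: refused
    idle = broker.issue("student2")
    now[0] += HANDOFF_TTL_SECONDS + 1
    late = broker.redeem(idle)             # sat unused too long: refused
    bogus = broker.redeem("made-up-token")
    return (first is not None and broker.sessions[first] == "student1",
            replay is None, late is None, bogus is None)


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The token is the only thing that travels in the handoff URL, so the external side never reads a username from the request; and a refused redeem (replayed, expired or unknown token) is exactly the event to log and alert on, since a legitimate user produces one at most by pressing the back button.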


Putting All the Eggs in One Basket

Prove that all odd numbers are prime. Professor: 3 is prime, 5 is prime, 7 is prime, and the rest are left as an exercise for the student.

http://www.gdargaud.net/Humor/OddPrime.html


Related Links

Single Sign-on
- Defined with examples in Wikipedia: http://en.wikipedia.org/wiki/Single_sign-on

Luminis/CPIP
- http://www.lumdev.net/index.php

Shibboleth (Blackboard, Moodle)
- http://shibboleth.internet2.edu/
- http://shibboleth.internet2.edu/seas.html

Liberty Alliance
- http://www.projectliberty.org


Putting All the Eggs in One Basket

What kind of sycophant are you?

[W]hat kind of sycophant would you like me to be?

(101 Dalmatians, 1996)


All the Eggs are in This Basket

http://www.wm.edu/it/portal2006
