Project Overview
Single Sign On Solution
Robin Lilly
Description of Single Sign On
Single sign on will allow a user to sign on to UTEP’s system one time and be logged into all the diverse systems from that one session.
– Exchange Mail
– DotNetNuke Portals
– CA’s CleverPath
– GoldMine
Single Sign On Goals
Feasible
Scalable
Secure
Within budget
Immediate solution
Meets future needs
Independent of 3rd party systems
Some Problems Encountered
Dependence on CleverPath
– Password to use in other systems was stored in CleverPath
– Retrieval of Password will never be successful based on current API Request & Response objects
CleverPath XML API problems
– No API to keep session alive when not in CleverPath
– No successful creation of CleverPath Session without redirecting to CleverPath
– No API ability to kill CleverPath session
– Session Info is stored in CleverPath
Solution
Stores session/password information
Pass request & response objects
Build independent solution
Look at some uses of Single Sign On
Sign On to System
Check if I’m signed on
Sign On
[Diagram labels: UI - User Login; Users; Validation; CleverPath API; Active Directory; iPlanet; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, UserName); Session Cookie (Session & Salt); Other System]
Check if I’m Signed On
[Diagram labels: Is Session Active in GoldMine; Is Session Active in CleverPath; Is Session Active in Database; Various UTEP Sites (GoldMine, IT site, CleverPath); Session Status]
Classes
Talk about supporting classes
– Registry
– MyRegistry
– Rijndael
– SessionInfo
See Page 2 of SingleSignOn Document
Users Session Classes
UsersDB class wraps the UserSessionInfo table
UserCredentials class is passed the Session & Salt at instantiation
– It then makes a call to GetUserSession
– It then decrypts the password with a call to Rijndael
UserAttributes Class
UserAttributesInit()
– Get Session Info from the cookie (SSO Class)
– Gets UserCredentials from Database
– GetUserAttributes()
• Call iPlanet XML for attributes
See Page 3 of SingleSignOn Document
Single Sign On Class
Constructors
IsActiveSession()
– Get Cookie Info
– Check Database if Session is valid
– Check other systems active
See Page 4-6 of SingleSignOn Document
Single Sign On Class (cont.)
LogIn(UserID, Password)
– Remove Old Session & Cookies
– Generate Salt
– AuthenticateUser(UserID, Password)
• Call CleverPath XML API to Create Session
– Store Session in Cookie and Database
See Page 7-8 of SingleSignOn Document
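
The LogIn and UserCredentials steps above, sketched in C# as an added example (not code from the deck or the SingleSignOn document). It assumes the cookie salt is combined with a server-held secret through PBKDF2 to derive the Rijndael (AES) key, so neither the cookie nor a UserSessionInfo row is enough on its own to recover the password. SsoSketch, ServerSecret, CreateSession, GetPassword and the in-memory table are hypothetical names, and the code needs .NET 6 or later.

```csharp
// Added example, not the deck's code. ServerSecret, PBKDF2 and the
// dictionary standing in for the UserSessionInfo table are assumptions.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class SsoSketch
{
    static readonly byte[] ServerSecret = Encoding.UTF8.GetBytes("constructed-demo-secret");
    static readonly Dictionary<string, (byte[] Iv, byte[] Ct)> UserSessionInfo = new();

    // Bind the key to both the cookie salt and a secret that never leaves the server.
    static byte[] DeriveKey(byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(ServerSecret, salt, 100_000, HashAlgorithmName.SHA256, 32);

    // LogIn side: generate salt, encrypt the password, store the row.
    // Returns the two values that go into the session cookie.
    public static (string SessionId, string Salt) CreateSession(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        // Stand-in for the session ID the CleverPath XML API would return.
        string sessionId = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        using Aes aes = Aes.Create();          // AES = Rijndael with a 128-bit block
        aes.Key = DeriveKey(salt);
        aes.GenerateIV();
        byte[] ct = aes.EncryptCbc(Encoding.UTF8.GetBytes(password), aes.IV);
        UserSessionInfo[sessionId] = (aes.IV, ct);
        return (sessionId, Convert.ToBase64String(salt));
    }

    // UserCredentials side: cookie values in, decrypted password out.
    public static string GetPassword(string sessionId, string saltB64)
    {
        if (!UserSessionInfo.TryGetValue(sessionId, out var row))
            throw new UnauthorizedAccessException("unknown or removed session");
        using Aes aes = Aes.Create();
        aes.Key = DeriveKey(Convert.FromBase64String(saltB64));
        return Encoding.UTF8.GetString(aes.DecryptCbc(row.Ct, row.Iv));
    }

    static void Main()
    {
        var (sid, salt) = CreateSession("constructed-password");
        Console.WriteLine(GetPassword(sid, salt) == "constructed-password");
        UserSessionInfo.Remove(sid);           // what RemoveSession() does to the row
        try { GetPassword(sid, salt); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

CBC carries no integrity check, so this sketch does not detect a row that was altered in the database.
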
Single Sign On Class (cont.)
LogOut()
– Calls RemoveSession()
– Calls RemoveCleverPathCookie()
RemoveSession()
– Removes Cookie & Database Entry
RemoveCleverPathCookie()
– Removes CleverPath Cookie
See Page 9 of SingleSignOn Document
Single Sign On Class (cont.)
GetSessionInfo()
– Get Session Cookie
– Put SessionId and Salt into SessionInfo
See Page 10 of SingleSignOn Document
Single Sign On Class (cont.)
SetSessionCookie(SessionID, Salt)
– Writes an in memory cookie with SessionID and Salt Out
SetCleverPathSessionStillActive(SessionID)
– Changes CleverPath Cookie to still be active
See Page 11-12 of SingleSignOn Document
Single Sign On Class (cont.)
GetSignOnURL(RedirectPage)
– Returns the URL of the signon page with the return page as the page passed in
See Page 13 of SingleSignOn Document
Things CA should do
Changes to CleverPath API or do our own fix
– Is Session Active
– Remove Session
– Keep Session Active
Fix CleverPath to go to Logout Screen
Fix CleverPath to go to Logon Screen
Conclusion
No significant under site on design
Control with UTEP not CA
Can grow with UTEP
Probably have some new classes:
– CASystem Class
– GoldMineSystem Class
– …