Project Overview
Single Sign On Solution
Robin Lilly

Description of Single Sign On
Single sign-on will allow a user to sign on to UTEP’s system one time and be logged into all the diverse systems from that one session.
– Exchange Mail
– DotNetNuke Portals
– CA’s CleverPath
– GoldMine

Single Sign On Goals
Feasible
Scalable
Secure
Within budget
Immediate solution
Meets future needs
Independent of 3rd party systems

Some Problems Encountered
Dependence on CleverPath
– Password to use in other systems was stored in CleverPath
– Retrieval of Password will never be successful based on current API Request & Response objects
CleverPath XML API problems
– No API to keep session alive when not in CleverPath
– No successful creation of CleverPath Session without redirecting to CleverPath
– No API ability to kill CleverPath session
– Session Info is stored in CleverPath

Solution
Stores session/password information
Pass request & response objects
Build independent solution

Look at some uses of Single Sign On
Sign On to System
Check if I’m signed on

Sign On
[Diagram: sign-on flow. Labels: Users; UI - User Login; Validation; CleverPath API; Active Directory; iPlanet; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, UserName); Session Cookie (Session & Salt); Other System]

Check if I’m Signed On
[Diagram: session status check. Labels: Various UTEP Sites (GoldMine, It site, CleverPath); Session Status; Is Session Active in Database; Is Session Active in GoldMine; Is Session Active in CleverPath]

Classes
Talk about supporting classes
– Registry
– MyRegistry
– Rijndael
– SessionInfo
See Page 2 of SingleSignOn Document

Users Session Classes
UsersDB class wraps the UserSessionInfo table
UserCredentials class is passed the Session & Salt at instantiation
– It then makes a call to GetUserSession
– It then decrypts the password with a call to Rijndael

UserAttributes Class
UserAttributesInit()
– Get Session Info from the cookie (SSO Class)
– Gets UserCredentials from Database
– GetUserAttributes()
  • Call iPlanet XML for attributes
See Page 3 of SingleSignOn Document

Single Sign On Class
Constructors
IsActiveSession()
– Get Cookie Info
– Check Database if Session is valid
– Check other systems active
See Page 4-6 of SingleSignOn Document

Single Sign On Class (cont.)
LogIn(UserID, Password)
– Remove Old Session & Cookies
– Generate Salt
– AuthenticateUser(UserID, Password)
  • Call CleverPath XML API to Create Session
– Store Session in Cookie and Database
See Page 7-8 of SingleSignOn Document

Single Sign On Class (cont.)
LogOut()
– Calls RemoveSession()
– Calls RemoveCleverPathCookie()
RemoveSession()
– Removes Cookie & Database Entry
RemoveCleverPathCookie()
– Removes CleverPath Cookie
See Page 9 of SingleSignOn Document
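
The LogIn, UserCredentials and RemoveSession steps above, sketched as an added example in Node.js (not the project's own code). It assumes the salt lives only in the cookie and that the key is derived from a server secret plus that salt; AES-256-GCM and scrypt stand in for the Rijndael class, and all function names are hypothetical.

```javascript
// Added example (constructed): session state split between cookie and database.
const crypto = require('crypto');

// Assumption: an application-wide secret held outside the database.
const SERVER_SECRET = crypto.randomBytes(32);
// Stands in for the UserSessionInfo table that UsersDB wraps.
const userSessionInfo = new Map();

// Assumption: the AES (Rijndael) key is derived from the secret and the per-session salt.
function deriveKey(saltHex) {
  return crypto.scryptSync(SERVER_SECRET, Buffer.from(saltHex, 'hex'), 32);
}

// LogIn: generate salt, encrypt the password, store the row, return the cookie values.
// Authentication against CleverPath is out of scope for this sketch.
function logIn(userName, password) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const salt = crypto.randomBytes(16).toString('hex');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(salt), iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  userSessionInfo.set(sessionId, { userName, iv, ct, tag: cipher.getAuthTag() });
  return { sessionId, salt }; // the salt is never written to the table
}

// UserCredentials: take Session & Salt from the cookie, fetch the row, decrypt.
function getUserCredentials(cookie) {
  const row = userSessionInfo.get(cookie.sessionId);
  if (!row) return null; // unknown or logged-out session
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(cookie.salt), row.iv);
    d.setAuthTag(row.tag);
    const pt = Buffer.concat([d.update(row.ct), d.final()]);
    return { userName: row.userName, password: pt.toString('utf8') };
  } catch (err) {
    return null; // wrong salt: the GCM tag check fails
  }
}

// RemoveSession: drop the database entry so the cookie values become useless.
function removeSession(cookie) {
  return userSessionInfo.delete(cookie.sessionId);
}
```

With this split, a copy of the table alone does not yield passwords, but the cookie becomes a bearer of key material and needs the Secure and HttpOnly attributes.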

Single Sign On Class (cont.)
GetSessionInfo()
– Get Session Cookie
– Put SessionId and Salt into SessionInfo
See Page 10 of SingleSignOn Document

Single Sign On Class (cont.)
SetSessionCookie(SessionID, Salt)
– Writes an in-memory cookie with SessionID and Salt Out
SetCleverPathSessionStillActive(SessionID)
– Changes CleverPath Cookie to still be active
See Page 11-12 of SingleSignOn Document

Single Sign On Class (cont.)
GetSignOnURL(RedirectPage)
– Returns the URL of the signon page with the return page as the page passed in
See Page 13 of SingleSignOn Document

Things CA should do
Changes to CleverPath API or do our own fix
– Is Session Active
– Remove Session
– Keep Session Active
Fix CleverPath to go to Logout Screen
Fix CleverPath to go to Logon Screen

Conclusion
No significant under site on design
Control with UTEP not CA
Can grow with UTEP
Probably have some new classes:
– CASystem Class
– GoldMineSystem Class
– …