Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using PIV Cards with NIH Login Chris Leggett NIH Login Technical Lead CIT/NIH.

Published byAngelica Oliver Modified over 8 years ago

Similar presentations

Presentation on theme: "Using PIV Cards with NIH Login Chris Leggett NIH Login Technical Lead CIT/NIH."— Presentation transcript:

1 Using PIV Cards with NIH Login Chris Leggett NIH Login Technical Lead CIT/NIH

2 Page 2 Overview Architecture Web PIV authentication Flow Application integration Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

3 Page 3 Architecture integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

4 Page 4 NIH Login AuthN Flow Part 1 User attempts to access a web resource. AuthN session valid? NIH Login displays login screen. User selects PIV card authentication. NIH Login requests certificate from browser. Access to requested web resource. Yes No Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

5 Page 5 NIH Login AuthN Flow Part 2 Does the browser respond with a cert. Is cert issued by a trusted CA? Is cert revoked ? (Verified via OCSP) Parse cert attributes. Is cert a PIV card? Display cert not found error. Display cert not trusted error. Display cert revoked. Display PIV card not found. Yes No Yes No Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

6 Page 6 NIH Login AuthN Flow Part 3 Encrypted token sent to Policy Server via web agent. Map Cert Attributes to a NIH AD account. Is a user found? HTTP headers includes user attributes plus AuthNContext = 460. Redirected to requested resource. Access to requested web resource. Display user mapping error. Yes No Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

7 Page 7 Application Integration New applications –SiteMinder Web Agent –Process the HTTP headers Current NIH Login protected apps –Authentication Scheme change Step-up authentication How to determine what credential was used? Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

8 Page 8 Determine AuthN Context NIST LOANIH Login LOA Range AuthN Context 1100-199OpenID120 SAML130 InfoCard140 2200-299eRA Commons user/pass 230 NIH AD user/pass260 3300-399InfoCard340 4400-499HHS issued PIV to NIH User 460 Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

9 Page 9 Lets Get Started! NIH ISC Support NIHISCSupport@mail.nih.gov Integration Services Center (ISC) Contact: NIHISCSupport@mail.nih.gov

Download ppt "Using PIV Cards with NIH Login Chris Leggett NIH Login Technical Lead CIT/NIH."

Similar presentations

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.

NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
User signs in to WindowsUser is signed in to your app 12.

User signs in to WindowsUser is signed in to your app 12.
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.
魂▪創▪通魂▪創▪通 2013. 11. 15. Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

Similar presentations

Ads by Google