Presentation is loading. Please wait.

Presentation is loading. Please wait.

Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,

Published byHeather Wilkins Modified over 7 years ago

Similar presentations

Presentation on theme: "Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,"— Presentation transcript:

1 Office of Information Technology http://www.oit.gatech.edu GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th, 2009

2 Who will this affect Today: OIT developers, OIT end users, OIT support staff Followed by: CSR’s, Campus Developers, Support Staff Finally: Almost every GT web user. Office of Information Technology http://www.oit.gatech.edu

3 login.gatech.edu GT branded as login.gatech.edu Standard SSO solution from JA-SIG called CAS (Central Authentication Service) Widely used and documented especially in higher ED Will replace webauth.gatech.edu Office of Information Technology http://www.oit.gatech.edu

4 What is changing? New features or functionality of login.gatech.edu Single Sign On by default: login once for many apps. SSO controls: i.e. force rechecking of password Central logout page for applications to use Application Registration: Reporting, Theme, Additional Attributes per application Complete CAS protocol support Lost features or functionality of webauth.gatech.edu No Bounce API: custom GT API presents security concern Office of Information Technology http://www.oit.gatech.edu

5 Migration Paths Sites moving to login.gatech.edu fall into one of two groups Each site may migrate independent of each other CAS or “old” API –Small configuration change –Similar or same protocols supported by login.gatech.edu –User will see new login site Bounce API –May require some development work –User facing change Office of Information Technology http://www.oit.gatech.edu

6 Site Statistics Monthly usage reports –Shows site API –Show unique users –Shows URL or host name Office of Information Technology http://www.oit.gatech.edu Top 3 Sites of 250 total SiteLoginsUsersAPI mail.gatech.edu94509422645Bounce t-square.gatech.edu44591217345CAS www.library.gatech.edu420558206CAS

7 User Experience Application page with login button –t-square Redirect through login.gatech.edu if no application session. –User sees login.gatech.edu and logs in if no SSO session –Login is authenticated with no intermediate page if SSO session exists Default behavior, user or application can override –Application or Web server can implement Office of Information Technology http://www.oit.gatech.edu

8 How To’s: http://share-it.gatech.edu/oit/iam/login-1 –As an apache module, replacement for basic auth –With php code or module –As an IIS plugin –As a java filter: tomcat, j2ee apps, etc. –Lots more! Office of Information Technology http://www.oit.gatech.edu

9 The logout dilemma Office of Information Technology http://www.oit.gatech.edu

10 Office of Information Technology http://www.oit.gatech.edu Today login.gatech.edu is available for early adopters Milestones Timelines Sunset webauth 2010 Dashboard/Wrapup

11 Office of Information Technology http://www.oit.gatech.edu News & Questions Passport Upgrade 5/16/2009 –Password expiration extended from 90 to 120 days –Employees can and should set published email via passport –Regular confirmation of GTENS and published email –GtAccount! No more AD vs Kerberos –Cleanup of hints and buzzcard Brown bag with CoC this summer –Replace your NIS infrastructure with GTED –Use GRS to manage roles and authorizations

Download ppt "Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,"

Similar presentations

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Catherine Metcalf | Dec. 2014 U.S. Department of Education 2014 FSA Training Conference for Financial Aid Professionals Introducing the FSA ID - The FSA.

Catherine Metcalf | Dec U.S. Department of Education 2014 FSA Training Conference for Financial Aid Professionals Introducing the FSA ID - The FSA.
Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.

Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
1May 2006 – Unit Liaison Meeting Two-Factor Authentication Project MToken Distribution Bill Wrobleski MAIS Joint UL Meeting May 24, 2006.

1May 2006 – Unit Liaison Meeting Two-Factor Authentication Project MToken Distribution Bill Wrobleski MAIS Joint UL Meeting May 24, 2006.
CUWebAuth Technical Presentation Pete Bosanko Identity Management Team.

CUWebAuth Technical Presentation Pete Bosanko Identity Management Team.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
2007.02.11 The Dr ü G Book: An Intro to Drupal The Dr ü G Book: An Intro to Drupal (Dr ü G: Drupal User ’ s Group - users, not developers) This is an introduction.

The Dr ü G Book: An Intro to Drupal The Dr ü G Book: An Intro to Drupal (Dr ü G: Drupal User ’ s Group - users, not developers) This is an introduction.
Shibboleth Case Studies: Shibboleth as the Campus Web SSO Albert Wu, UCLA Datta Mahabalagiri, UCLA.

Shibboleth Case Studies: Shibboleth as the Campus Web SSO Albert Wu, UCLA Datta Mahabalagiri, UCLA.
INCOSE.ORG MIGRATION SharePoint 2013 Presented by Betty Morimoto.

INCOSE.ORG MIGRATION SharePoint 2013 Presented by Betty Morimoto.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The Central Authentication Service (CAS) Shawn Bayern Research programmer, Yale University Author, JSTL in Action, Web Development with JavaServer Pages.

The Central Authentication Service (CAS) Shawn Bayern Research programmer, Yale University Author, JSTL in Action, Web Development with JavaServer Pages.
Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.

Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.
USCGrid A (Very Quick) Introduction To PubCookie

USCGrid A (Very Quick) Introduction To PubCookie
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

Similar presentations

Ads by Google