1. A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Password Manager Using Luminis APIs Presented by: Ron Romao Savannah College of Art and Design March, 2007 Course ID 1012

2. 2 Password Manager Using Luminis APIs Web application using Java and JSP Uses Luminis Data Access API Uses CAS to protect parts of the application

3. A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 3 I Will Discuss What we did - Custom Password Change Application Why we did it - Reduce Help Desk Calls - Log Password Changes How we did it - Technologies Used - Process Explained - Challenges Encountered

4. 4 Course ID 1012 Password Manager – Web Application Allows users to reset their passwords  Using their Banner security question Allows Helpdesk staff to reset user passwords Extra logging capabilities  Allow us to track more data

5. 5 Course ID 1012 How : Process Explained : Forgot and Change Password Page

6. 6 Course ID 1012 How : Process Explained : Help Desk Page

7. 7 Course ID 1012 What : Custom Password Change Application Stand alone Web Application  Written in Java and JSP  Running on Tomcat  Updates custom database tables  Logs Password Changes  CAS Protected

8. A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 8 Why we did it - Needs for this project - Benefits

9. 9 Course ID 1012 Why : Main Reasons Decrease Help Desk calls  Users can reset their password Log password changes  Auditing Purposes Who changed the password (HD or self change) When password was changed

10. 10 Course ID 1012 Why : Benefits Increase productivity for end users  By avoiding unnecessary calls to Help Desk Improves end user satisfaction  User feels more in control of their password Easier password reset process  Easy to use password page

11. A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 11 How We did it - Technologies used - Process explained - Challenges Encountered

12. 12 Course ID 1012 How : Technologies Used Java, JSP and Servlets Tomcat Luminis Data Access API CAS

13. 13 Course ID 1012 How : Process Explained JSP Pages  Forgot Password - Self help  Change Password - Self help (link in Luminis)  Help Desk Change Password – Help Desk use only  Logout (invalidates session)

14. 14 Course ID 1012 How : Process Explained Forgot Password Page  Reset password by answering Banner security question  Future improvements Reset Luminis password by providing Novell login information

15. 15 Course ID 1012 How : Process Explained : Help Desk Page Help Desk Page  Help Desk use only  User requesting password change Come to HD – Show SCAD ID Call HD – Staff verify user information  HD save notes for the request  Everything gets logged!

16. 16 Course ID 1012 How : Process Explained CAS Protection  All pages are CAS protected User need to be logged into Luminis portal  valid CAS ticket Except Forgot Password page  Unauthorized users sent to Luminis login page.

17. 17 Course ID 1012 web-xml file … CAS Filter edu.yale.its.tp.cas.client.filter.CASFilter edu.yale.its.tp.cas.client.filter.loginUrl https://myscad.scad.edu/cp/cas/login?service=http://myscad.scad.edu:8080/changepassword/cas /redirect.jsp edu.yale.its.tp.cas.client.filter.validateUrl https://myscad.scad.edu/cp/cas/serviceValidate edu.yale.its.tp.cas.client.filter.serverName myscad.scad.edu:8080 CAS Filter /cas/* …

18. 18 Course ID 1012 How : Process Explained : Luminis API Java class using Luminis Data Access API  Create DAManager stub  Call Web Service method “modify” PasswordModification class changes Luminis password ExternalSystemAccountModification class changes the password in Banner

19. 19 Course ID 1012 How : Process Explained : Creating the Service System.setProperty("java.class.path", classPath); System.setProperty( "javax.xml.rpc.ServiceFactory "com.sct.pipeline.webservice.client.JAXRPCServiceFactory" ); Service service = null; ServiceFactory sf = ServiceFactory.newInstance(); service = sf.createService( QName.valueOf( "{urn:pipeline.sct.com:webservice:da:200306:soap}da" )); Stub stub = (Stub)service.getPort( DAManager.class ); stub._setProperty (javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, "http://" + host + "/ws/webservice/da/200306/soap/DAManager" ); stub._setProperty ( "javax.xml.rpc.security.auth.username", userName ); stub._setProperty ( "javax.xml.rpc.security.auth.password", passWord ); svc = (DAManager)stub;

20. 20 Course ID 1012 How : Process Explained : Modifying the Password ModifyParams mp = new ModifyParams(); mp.setBoId( new BOID( BusinessObjectTypeEnum.USER, userId ) ); PasswordModification pm = new PasswordModification( "PASSWORD", new PasswordPair(newPass, newPass), ModOperationTypeEnum.REPLACE ); Modification[] mods = new Modification[ 1 ]; mods[ 0 ] = pm; mp.setModifications( mods ); svc.modify( mp ); // Modify Password ExternalSystemAccount[] esa = new ExternalSystemAccount[ 1 ]; esa[ 0 ] = new ExternalSystemAccount( "SCT", userId, pin); ExternalSystemAccountModification esaMod = new ExternalSystemAccountModification( "EXTERNALSYSTEMACCOUNTS", esa, ModOperationTypeEnum.ADD ); mods[ 0 ] = esaMod; mp.setModifications( mods ); svc.modify( mp ); // Modify PIN fpass.setGobtpac(userId); // Updates gobtpac to trigger an event

21. 21 Course ID 1012 How : Process Explained Password Rules  Must be at least 8 characters long  Must include at least one number and one alphabetic character  Must NOT include spaces or any of the following characters: #,+"\<>;@&$~=*%!{}()/:[]'?  Enforced on the server side

22. 22 Course ID 1012 Challenges WSDL Issue  Web Service WSDL not found  Service could not be created  Solution found Changed classpath inside application. Pointed to WSDL file location System.setProperty("java.class.path", classPath);

23. 23 Course ID 1012 Challenges Issues with SSO to SSB  Altered baseline trigger  Update activity date on GOBTPAC  Everybody is happy.

24. 24 Course ID 1012 Summary Our Password Management Solution allows user to reset forgotten passwords securely, allowing us to implement stronger policies while reducing help desk calls. It also allows Help Desk to reset user passwords.

25. 25 Course ID 1012 Summary Application built using Java, JSP and Web Services to provide an easy to use interface for users to maintain their own passwords. It uses Luminis Data Access API to change passwords in Luminis and Banner. It uses events to carry changes to external systems. Uses CAS to protect application from unauthorized users.

26. 26 Course ID 1012 Questions ?

27. 27 Course ID 1012 Thank You! Ron Romao Web Programmer Savannah College of Art and Design rromao@scad.edu Please complete the online class evaluation form Course ID 1012 SunGard, the SunGard logo, Banner, Campus Pipeline, Luminis, PowerCAMPUS, Matrix, and Plus are trademarks or registered trademarks of SunGard Data Systems Inc. or its subsidiaries in the U.S. and other countries. Third-party names and marks referenced herein are trademarks or registered trademarks of their respective owners. © 2007 SunGard. All rights reserved.