Project Overview Single Sign On Solution Robin Lilly.

2 Description of Single Sign On
Single sign-on will allow a user to sign on to UTEP’s system one time and be logged into all the diverse systems from that one session.
–Exchange Mail
–DotNetNuke Portals
–CA’s CleverPath
–GoldMine

3 Single Sign On Goals
Feasible
Scalable
Secure
Within budget
Immediate solution
Meets future needs
Independent of 3rd party systems

4 Some Problems Encountered
Dependence on CleverPath
–Password to use in other systems was stored in CleverPath
–Retrieval of Password will never be successful based on current API Request & Response objects
CleverPath XML API problems
–No API to keep session alive when not in CleverPath
–No successful creation of CleverPath Session without redirecting to CleverPath
–No API ability to kill CleverPath session
–Session Info is stored in CleverPath

5 Solution
Stores session/password information
Pass request & response objects
Build independent solution

6 Look at some uses of Single Sign On
Sign On to System
Check if I’m signed on

7 Sign On
[Diagram labels: UI - User Login; iPlanet Validation; Active Directory Users; CleverPath API; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, UserName); Session Cookie (Session & Salt); Other System]

8 Check if I’m Signed On
[Diagram labels: CleverPath API; Active Directory; DNN; iPlanet Validation; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, & UserName); Session Cookie (Session & Salt); Other System; Is Session Active in Database; Is Session Active in GoldMine; Is Session Active in CleverPath; Session Status; Various UTEP Sites; Goldmine; It site; CleverPath]

9 Retrieve Attributes of Myself
New technology being used
–Benefits
Standards being adopted
–Benefits
Standards specifically being ignored
–Drawbacks & benefits
DYA: define your acronyms!
[Diagram labels: Validation; Active Directory; CleverPath; OtherUsers]

10 Classes
Talk about supporting classes
–Registry
–MyRegistry
–Rijndael
–SessionInfo
See Page 2 of SingleSignOn Document

11 Users Session Classes
UsersDB class wraps the UserSessionInfo table
UserCredentials class is passed the Session & Salt at instantiation
–It then makes a call to GetUserSession
–It then decrypts the password with a call to Rijndael

12 UserAttributes Class
UserAttributesInit()
–Get Session Info from the cookie (SSO Class)
–Gets UserCredentials from Database
–GetUserAttributes()
Call iPlanet XML for attributes
See Page 3 of SingleSignOn Document

13 Single Sign On Class
Constructors
IsActiveSession()
–Get Cookie Info
–Check Database if Session is valid
–Check other systems active
See Page 4-6 of SingleSignOn Document

14 Single Sign On Class (cont.)
LogIn(UserID,Password)
–Remove Old Session & Cookies
–Generate Salt
–AuthenticateUser(UserID, Password)
Call CleverPath XML API to Create Session
–Store Session in Cookie and Database
See Page 7-8 of SingleSignOn Document

15 Single Sign On Class (cont.)
LogOut()
–Calls RemoveSession()
–Calls RemoveCleverPathCookie()
RemoveSession()
–Removes Cookie & Database Entry
RemoveCleverPathCookie()
–Removes CleverPath Cookie
See Page 9 of SingleSignOn Document

16 Single Sign On Class (cont.)
GetSessionInfo()
–Get Session Cookie
–Put SessionId and Salt into SessionInfo
See Page 10 of SingleSignOn Document

17 Single Sign On Class (cont.)
SetSessionCookie(SessionID,Salt)
–Writes out an in-memory cookie with SessionID and Salt
SetCleverPathSessionStillActive(SessionID)
–Changes CleverPath Cookie to still be active
See Page 11-12 of SingleSignOn Document

18 Single Sign On Class (cont.)
GetSignOnURL(RedirectPage)
–Returns the URL of the sign-on page, with the page passed in as the return page
See Page 13 of SingleSignOn Document
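
The session flow from slides 11 and 13-15 (LogIn, IsActiveSession, UserCredentials, RemoveSession), as an added C# example that is not the UTEP code. It assumes .NET 8, uses AES-GCM in place of the deck's Rijndael class, and assumes the cookie salt feeds key derivation together with a server-side secret; SsoStore, SessionRow, GetPassword and the in-memory dictionary standing in for the UserSessionInfo table are hypothetical.

```csharp
// Added example, not the UTEP code. Assumes .NET 8+; type and helper names are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
public sealed record SessionRow(string UserName, byte[] Nonce, byte[] Cipher, byte[] Tag, DateTime ExpiresUtc);

public sealed class SsoStore
{
    // Stand-in for the UserSessionInfo table, keyed by SessionID.
    private readonly Dictionary<string, SessionRow> _rows = new();
    private readonly byte[] _serverSecret; // assumption: secret kept outside the database
    public SsoStore(byte[] serverSecret) => _serverSecret = serverSecret;

    // Assumption: the key comes from the server secret plus the cookie salt,
    // so a copy of the table alone does not yield the stored passwords.
    private byte[] DeriveKey(byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(_serverSecret, salt, 100_000, HashAlgorithmName.SHA256, 32);

    // LogIn: new SessionID and salt, password encrypted at rest.
    public (string SessionId, string Salt) LogIn(string user, string password, TimeSpan lifetime)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        string sessionId = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] plain = Encoding.UTF8.GetBytes(password);
        byte[] cipher = new byte[plain.Length], tag = new byte[16];
        using var aes = new AesGcm(DeriveKey(salt), 16);
        // SessionID is bound as associated data so a row cannot be moved to another session.
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.ASCII.GetBytes(sessionId));
        _rows[sessionId] = new SessionRow(user, nonce, cipher, tag, DateTime.UtcNow + lifetime);
        return (sessionId, Convert.ToBase64String(salt)); // the two values for the session cookie
    }

    public bool IsActiveSession(string sessionId) =>
        _rows.TryGetValue(sessionId, out var row) && row.ExpiresUtc > DateTime.UtcNow;

    // UserCredentials: needs both cookie values; a wrong salt fails the GCM tag check.
    public string GetPassword(string sessionId, string saltB64)
    {
        if (!IsActiveSession(sessionId)) throw new UnauthorizedAccessException("no active session");
        SessionRow row = _rows[sessionId];
        byte[] plain = new byte[row.Cipher.Length];
        using var aes = new AesGcm(DeriveKey(Convert.FromBase64String(saltB64)), 16);
        aes.Decrypt(row.Nonce, row.Cipher, row.Tag, plain, Encoding.ASCII.GetBytes(sessionId));
        return Encoding.UTF8.GetString(plain);
    }
    public void RemoveSession(string sessionId) => _rows.Remove(sessionId);
}
```

When the two returned values are written to the browser, the cookie would normally carry the HttpOnly and Secure attributes, since anyone holding it can ask the server to decrypt that session's password.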

19 Things CA should do
Changes to CleverPath API or do our own fix
–Is Session Active
–Remove Session
–Keep Session Active
Fix CleverPath to go to Logout Screen
Fix CleverPath to go to Logon Screen

20 Things we need to do

21 Conclusion
No significant oversight on design
Control with UTEP not CA
Can grow with UTEP
Probably have some new classes:
–CASystem Class
–GoldMineSystem Class
–…

