Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Published byAugustine Watts Modified over 8 years ago

Similar presentations

Presentation on theme: "Authentication via campus single sign-on 2012 VIVO Implementation Fest."— Presentation transcript:

1 Authentication via campus single sign-on 2012 VIVO Implementation Fest

2 Welcome & Who are we? 2 Vincent Sposato, University of Florida Enterprise Software Engineering Primarily focused on VIVO operations and reproducible harvests Alex Viggio, Colorado University Office of Faculty Affairs FIS Developer

3 Goals of this session Provide you with a why for single sign-on Provide a basic implementation of a single sign-on solution, as implemented at UF Answer questions 3

4 Why Single Sign-On?

5 What is single sign-on? Is a property of access control of multiple related, but independent software systems Is usually an independent authentication system, with stricter rules, that provides confirmation of identity to these systems Is often thought to be the unicorn of authentication, as many have heard of it but no one has truly seen it Has been referred to as Enterprise Reduced Sign-On 5

6 Why single sign-on? Reduces ‘password fatigue’ from remembering multiple usernames and passwords for different systems Reduces amount of duplicating password entry for same user within same environment Provides for enforcement of more robust security requirements and compliance reporting, since there is a centralized authentication mechanism 6

7 Why not single sign-on? Potential for increased risk should identities be compromised, as single sign- on gives the ‘keys’ to the castle away Loss of singular authentication system, would result in denial of service to a large amount of systems Can be difficult to integrate with older systems, and /or closed systems that do not natively support separate authentication 7

8 Who has single sign-on Every Major Institution in the world … That we know of 8

9 Typical SSO Implementations Kerberos – Once authenticated a ticket-granting ticket is given to the system – This TGT is handed around to gain authentication to other systems that support Smart Card – Use of a password to unlock the Smart Card – Other applications make call to the Smart Card without further need to provide password One Time Password (OTP) – RSA SecurID is an example of a OTP, and is the standard for 2-Factor Authentication Integrated Windows Authentication (Active Directory) – Microsoft standard for integrating credentials between supporting systems – uses Kerberos, SPNEGO, and NTLMSSP – to accomplish SSO Shibboleth – Open-source federated identity-based authentication and authorization system based on Security Assertion Markup Language (SAML) 9

10 What do I need to have? Guides about the Identity Management System @ your institution The required software for your identity management system installed and configured on your VIVO application server 10

11 Implementing Shibboleth

12 How does it all work 12

13 Setting up the Server to Secure VIVO You can use shibboleth.xml to secure applications We use the apache configuration files Add the following lines fix confusion between tomcat, apache, and shibboleth JkUnMount /Shibboleth.ssso/* default JkUnMount /Shibboleth default JkUnMount /shibboleth-sp/* default 13

14 Setting up the Server to Secure VIVO Next we need to specify the location of VIVO login processing /loginExternalAuth and turn on shibboleth for that file AuthType shibboleth ShibRequireSession On require valid-user require shibboleth ShibUseHeaders On 14

15 Setting up VIVO for the SSO Most SSO pass an apache header variable once authenticated. If they don’t you’ll need to write an application to generate one based on its method of passing the authenticated users information Set in your configuration file – external.Auth.netIDHeaderName 15

16 Setting up VIVO for the SSO Its not always easy to change styles and pages in VIVO for someone who isn’t a web designer. So instead of keeping the login text generic with “Login” we can change the text from the deploy properties file. – externalAuth.buttonText 16

17 Setting up VIVO for the SSO You need to have in your VIVO a data property populated with the identifying information that will come from your SSO. This is used to associate an individual with their profile in VIVO Set that data property into – selfEditing.idMatchingProperty To – http://vivo.mydomain.edu/ontology/vivo- md/institutionid 17

18 Questions?

Download ppt "Authentication via campus single sign-on 2012 VIVO Implementation Fest."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.

Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
CS795/895.NET Passport1. NET PASSPORT &TRUSTBRIDGE SHRIPAD PATIL CS795/895 SECURITY IN DISTRIBUTED SYSTEMS.

CS795/895.NET Passport1. NET PASSPORT &TRUSTBRIDGE SHRIPAD PATIL CS795/895 SECURITY IN DISTRIBUTED SYSTEMS.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.
Enterprise Single Sign On Identity management for web applications.

Enterprise Single Sign On Identity management for web applications.
Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Similar presentations

Ads by Google