Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

Presentation transcript:

Adirondack Solutions Users Group 2017
Single Sign-On
Led by Terrice McClain, Jen Paulin, & Leighton Wingerd
Monday 1:00PM – 2:00PM

Agenda
- What is Single sign-on?
- Why Single Sign-On?
- Which SSO Options are Supported?
- How It Works
- Basic “How-To”
- Hosted Clients
- On-Premise Clients

What is Single sign-on
Single sign-on is a user/session authentication process that permits a user to enter one username and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

Why Single Sign-On
SSO Provides:
- Better Security
  - Centralized enforcement of password policy
  - Centralized lockout
  - One password to remember
- Improve user experience
  - Same login page across all web applications that use SSO
  - Login once, access many applications
- Reduce operational cost
  - Ease burden on developers

Which SSO Options are Supported?
Adirondack Solutions supports other authentication methods as well, including:
- CAS Pass-through (for self-service products, only)
- Banner Self-Service Integration (for self-service products, only)
- Ellucian Ethos Identity Management
Active Directory LDAP SAML ADFS Shibboleth CAS Pass-through Custom Banner Self-Service

Caveats: SAML Authentication
- Assuming Id Provider (IdP) and Service Provider (SP) already installed and operational
- Using primarily Shibboleth terminology
- Authentication versus Authorization

How To: Hosted Clients, SAML Authentication
- Submit an eSupport request to initiate the process
- Information needed for setup:
  - IDP URL
  - Meta Data
  - Attribute that contains the username
- ASI staff complete configuration and provide metadata URL
- ASI and client staff coordinate testing for each environment and application involved

How It Works: SAML Authentication
- Web site placed under the Shibboleth/ADFS umbrella
- If credentials are not present on page request, browser is redirected to SSO login page
- On successful authentication, browser is redirected to original page request with credentials
- Page requested must detect proper user attribute and determine authorization accordingly

Caveats: CAS Authentication
- If required, the service URL must be allowed on the CAS server and the IP address of the application server allowed to send requests for authentication.
- The process is designed to work with CAS version 2.0 and 3.0

How It Works: CAS Authentication
- Web site has to be configured to authenticate with the CAS server.
- If credentials are not present on page request, browser is redirected to SSO login page
- On successful authentication, browser is redirected to original page request with credentials
- Page requested must detect proper user attribute and determine authorization accordingly

How To: Hosted Clients, CAS Authentication
- Submit an eSupport request to initiate the process
- Information needed for setup:
  - CAS Server URL
  - Attribute that contains the username
- ASI staff complete configuration and provide CAS service URL
- ASI and client staff coordinate testing for each environment and application involved

Caveats: Pass-through Authentication
- Sometimes requires custom coding
- Requires familiarity with tools such as WebAdvisor, SharePoint or Web Tailor

How It Works: Pass-through Authentication
- Link or button to THD Self-Service is configured in the web portal
- Token information such as time, key and student number is hashed and passed to THD Self-Service.
- THD Self-Service confirms that the hash is valid and that it is within the allotted time limit.
- URL or hidden variables are passed through to allow access.
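The hash-and-time-limit check described on this slide, sketched in Python as an added example; it is not ASI's or THD Self-Service's code. It assumes HMAC-SHA256 with the shared key over a Unix timestamp and the student number; the function names, parameter names (`ts`, `id`, `sig`) and the 300-second limit are hypothetical.

```python
import hashlib
import hmac
import time
from typing import Mapping, Optional

MAX_AGE_SECONDS = 300  # assumed time limit; the slide does not state one


def _mac(key: bytes, timestamp: int, student_id: str) -> bytes:
    # Length-prefix the student number so that shifting characters between
    # fields can never produce the same MAC input.
    msg = f"{timestamp}|{len(student_id)}|{student_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def make_link_params(key: bytes, student_id: str, now: Optional[int] = None) -> dict:
    """Portal side: build the URL or hidden-form variables."""
    ts = int(time.time()) if now is None else now
    return {"ts": str(ts), "id": student_id, "sig": _mac(key, ts, student_id).decode()}


def verify_link_params(key: bytes, params: Mapping[str, str],
                       now: Optional[int] = None) -> Optional[str]:
    """Self-service side: return the student number, or None if rejected."""
    current = int(time.time()) if now is None else now
    try:
        ts = int(params["ts"])
        student_id = params["id"]
        sig = params["sig"]
    except (KeyError, ValueError, TypeError):
        return None
    if not isinstance(student_id, str) or not isinstance(sig, str):
        return None
    # Reject expired tokens and tokens dated in the future.
    if not 0 <= current - ts <= MAX_AGE_SECONDS:
        return None
    # Constant-time comparison: do not leak how much of the value matched.
    if not hmac.compare_digest(_mac(key, ts, student_id), sig.encode()):
        return None
    return student_id
```

A token that passes this check can still be replayed until it expires, so the time limit should be short and the link served only over TLS.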

How To: Hosted Clients, Pass-through Authentication
- Submit an eSupport request to initiate the process
- Information needed for setup:
  - Identify web-portal system
  - Agree on shared variables and key
  - Attribute that contains the username
- ASI staff complete configuration and provide metadata URL
- ASI and client staff coordinate testing for each environment and application involved

How To: On-Premise Clients
- Edit Index.cfm to check CGI attributes
- Create supplemental authorization script
- Create SSO user in database
- Create startup HTML file
- Edit DataSourceName.cfm to use the supplemental authorization script
- Place web site under Shibboleth/ADFS umbrella
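The "detect proper user attribute and determine authorization" step from the How It Works slides, which the on-premise procedure places in Index.cfm, sketched in Python as an added example; it is not the product's ColdFusion code. It assumes the SP module exports the username as the server variable `REMOTE_USER`; the user table, role names and function names are constructed.

```python
from typing import Mapping, Optional

USERNAME_ATTRIBUTE = "REMOTE_USER"  # assumed name, agreed with the IdP at setup

# Constructed stand-in for the application's own user table.
APP_USERS = {
    "jdoe": {"active": True, "roles": {"staff"}},
    "asmith": {"active": False, "roles": {"admin"}},
}


def sso_username(cgi: Mapping[str, str]) -> Optional[str]:
    """Return the username asserted by the SP module, or None."""
    # Only the server-set variable is read. A request header with the same
    # name shows up in CGI as HTTP_<NAME>; it is client-controlled and is
    # never consulted.
    raw = cgi.get(USERNAME_ATTRIBUTE, "").strip()
    # Shibboleth joins multiple attribute values with ';'. A username must
    # be single-valued, so anything else is treated as no identity.
    if not raw or ";" in raw:
        return None
    return raw


def authorize(cgi: Mapping[str, str], required_role: str,
              users: Mapping[str, dict] = APP_USERS) -> str:
    """Authentication comes from the IdP; authorization is decided here."""
    username = sso_username(cgi)
    if username is None:
        return "unauthenticated"  # caller redirects to the SSO login page
    account = users.get(username)
    # The IdP vouches for who the user is, not for what they may do here.
    if account is None or not account["active"]:
        return "forbidden"
    if required_role not in account["roles"]:
        return "forbidden"
    return "allowed"
```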

Contact Information
Thank you for participating! Should you have any questions regarding this presentation, please use the contact information below:
- Terrice McClain, terrice@adk.tech, 800.372.3165 x 212
- Jen Paulin, jen@adk.tech, 800.372.3165 x 215
- Leighton Wingerd, leighton@adk.tech, 800.372.3165 x 211