February, 2012 2TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.



Overview of Shiro

- Open source application security library developed as part of the Apache Software Foundation
- Simplifies or replaces Java's security mechanism (JAAS), primarily to provide authentication and authorization capabilities
- Can connect to different realms (identity providers) such as a database, LDAP etc. for authenticating users
- Provides authorization capabilities at permission and role level
- Provides consistent session management (irrespective of the container)

Usage of Shiro in TRANSCEND

- Tolven v2.1 uses Shiro as its Authentication and Authorization Framework
- Shiro uses LDAP Realm to connect to OpenDS in the back end for:
  - Authentication of the user
  - Retrieval of the Authorization Policy (Roles) for the user
- OpenDS is a replacement for OpenLDAP and contains:
  - User Credentials
  - User Roles stored as attributes
- Tolven is responsible for migration of user accounts from OpenLDAP to OpenDS as part of the overall Tolven upgrade

Impact for Proposed 2TRANSCEND SSO Solution

- No Immediate Impact
- Shiro and CAS are complementary technologies
  - Shiro: Used for Local Authentication and Simple Single Sign On*
  - CAS: Used for Enterprise-wide Single Sign On
- Shiro can participate in a CAS-based SSO framework by acting as a CAS SSO client (using the Shiro/CAS plug-in)
- In future, Tolven can be part of the SSO framework by leveraging the Shiro CAS plug-in and without any changes to the system
- For OpenDS, CAS should be able to connect to it as an Identity Provider
  - OpenDS exposes a standard LDAP Interface

* Shiro's SSO capabilities are limited

2TRANSCEND Single Sign On Architecture

[Diagram]

Components:
- Client Browser
- Target Web App Container: Target Web App, SSO Client (CAS)
- SSO Server (CAS)
- OpenDS
- Tolven Container: Tolven, Shiro/CAS Plug-in (FUTURE)

Flow labels:
- 1. Request Login
- 1a. Request Login
- 2. Provide Credentials
- 3. Validate Credentials
- 4. Issue SSO Ticket
- 5. Present SSO Ticket
- 5a. Present SSO Ticket
- 5. Log User In (shown for both the Target Web App and Tolven)
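
How the Shiro/CAS plug-in named on the slides is wired in through shiro.ini, shown as an added example that is not part of the presentation or Tolven's own configuration. It assumes the Apache shiro-cas module is on the classpath; the host names, paths and role name are placeholders.

```ini
# Added example: Shiro acting as a CAS SSO client (the Tolven path marked
# FUTURE on the architecture slide). All URLs and ROLE_USER are placeholders.

[main]
# Callback filter: receives the redirect back from the CAS server carrying
# the service ticket (5a. Present SSO Ticket) and performs the Shiro login.
casFilter = org.apache.shiro.cas.CasFilter
casFilter.failureUrl = /sso-error.jsp

# Realm that validates the ticket with the CAS server. The application no
# longer checks passwords itself; the CAS server validates credentials
# (3. Validate Credentials) against its identity provider.
casRealm = org.apache.shiro.cas.CasRealm
casRealm.casServerUrlPrefix = https://cas.example.org/cas
# Must be identical to the service URL used in the login redirect below:
# a CAS ticket is issued for one specific service and fails validation
# when presented for a different one.
casRealm.casService = https://tolven.example.org/app/shiro-cas
# Every CAS-authenticated user receives these roles, so keep the list minimal.
casRealm.defaultRoles = ROLE_USER

casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
securityManager.subjectFactory = $casSubjectFactory
securityManager.realms = $casRealm

# Unauthenticated requests to protected URLs are redirected to the CAS
# login page (1a. Request Login). HTTPS on both URLs keeps the ticket and
# the credentials off the wire in clear text.
roles.loginUrl = https://cas.example.org/cas/login?service=https://tolven.example.org/app/shiro-cas

[urls]
# Ticket callback endpoint handled by the CAS filter.
/shiro-cas = casFilter
# Constructed URL layout: protected area requires the role granted above.
/protected/** = roles[ROLE_USER]
/** = anon
```

Because `defaultRoles` is applied to every user the CAS server authenticates, role data held in OpenDS is not consulted by this configuration; finer-grained authorization needs role attributes released by the CAS server or a separate authorizing realm.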

Questions? Thank You