LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.

Presentation transcript:

LDS Account and the Java Stack

Disclaimer
This is a training NOT a presentation.
– Be prepared to learn and participate in labs
Please ask questions
Prerequisites:
– Basic Java knowledge
– Basic Spring knowledge

Outline
LDS Account Overview
– History
– Authentication
– User Details
Spring Security Overview
– Authentication
– LDS Account integration
– In memory integration

History
Historically each application handled authentication as a one off
– Troublesome for users (many credentials to remember)
– User information duplicated over and over throughout the enterprise
– Difficult to get user information at all
Screaming for consolidation and a single, central solution

LDS Account "LDS Account is a single user name and password for any person who interacts with online LDS Church resources. LDS Account is the primary account authentication credentials for most Church sites and applications. It reduces development costs that would be incurred as the user interfaces change, or as upgrades to security and the registration process are required. Unlike previous authentication systems, LDS Account is a branded single sign-on solution that is centrally managed at ldsaccount.lds.org."

LDS Account (cont.) "LDS Account has become the key to accessing all the resources the Church has to offer, such as family history tools, ward and stake websites, employment resources, and more.... The idea is to have only one username and password that you can use with all password-protected websites the Church has."

What is LDS Account?
LDS Account is meant to be the single source for user authentication and basic user information
LDS Account is implemented with LDAP
LDS Account is an application for maintaining user attributes

LDS Account Uses LDAP
Lightweight Directory Access Protocol
Distributed directory of information
– Much like a database
– Not queried with SQL
– For further information about the Directory structure, please see the corresponding section at: Access_Protocol
LDS Account = LDAP
WAM = Single Sign-on

User Details
LDS Account also provides user information
– User details
– User details can be exposed through
  LDAP attributes
  WAM headers
  SAML attributes

LDS Account User Details Integration
The LDS Account module acts as a Java model for LDS Account information
LdsAccountDetails.java is the abstraction layer for LDS Account user details integration
Factories generate an LdsAccountDetails object for each user
– Factories handle the different formats in which the raw user details attributes are provided to the application
  LDAP attributes, WAM headers, SAML, …

Lab 1 _-_Part_1#Lab_1

LDS Account Spring Security Integration

Authentication vs. Authorization
Authentication - "you are who you say you are"
– Identification of an individual user of the application
– Credential-based authentication
Authorization - "you have appropriate permissions to perform the operation you are attempting"
– Availability of functionality and data to users who are authorized (or allowed) to access it
– ication_vs._authorization

Spring Security
Spring Security is a highly customizable and pluggable enterprise authentication / authorization security framework
– Provides tools for managing application access (authentication)
– Rules for what users can access (by url) (authorization)
– Securing methods (authorization), ...
Overcomes lack of depth in J2EE Servlet Specification
Further information can be found here: security/site/reference.html

Spring Security (authentication)
Spring comes with many pluggable authentication providers
– Support provided for authenticating with:
  LDAP
  X.509 (Certificates)
  Databases (JDBC)
  JAAS
  OAuth
  HTTP BASIC
  Form-based
  …

Spring Security Authentication Manager Basic configuration: Native Spring in memory authentication provider configuration (applicationContext.xml)...

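Spring Security Web Configuration
Configure filter in web.xml

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>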

Spring Security Context Configuration
Configure applicationContext.xml
Please see documentation for further element and attribute information: security/site/docs/3.1.x/reference/springsecurity-single.html
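An added example (not from the original slides) of the kind of applicationContext.xml the authentication manager and context configuration slides refer to, using the Spring Security 3.1 security namespace with the native in-memory user service. The URL patterns, role names and user entries are constructed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: Spring Security 3.1 namespace configuration.
     URL patterns, roles and users below are constructed sample values. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- The <http> element registers the bean named "springSecurityFilterChain";
       the DelegatingFilterProxy in web.xml looks it up by its filter-name. -->
  <http auto-config="true">
    <!-- Rules are evaluated top to bottom and the first match wins,
         so specific patterns go before the catch-all. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>
  </http>

  <authentication-manager>
    <authentication-provider>
      <!-- In-memory users: quick to set up, suitable for testing only.
           With no password-encoder configured, passwords are compared as plain text. -->
      <user-service>
        <user name="testuser" password="test-only-password"
              authorities="ROLE_USER"/>
        <user name="testadmin" password="test-only-password"
              authorities="ROLE_USER, ROLE_ADMIN"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```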

Demo

Spring Security/LDS Account Integration
LDS Account authentication provider hooks into Spring Security
In-memory implementation
Namespace handlers simplify the configuration
sites/stack/module.html?module=lds-account/stack-lds-account-spring/index.html#LDAP_Global_Directory_Authentication

Spring Security/In-memory Authentication
In-memory authentication provides quick setup
Useful for testing
sites/stack/module.html?module=lds-account/stack-lds-account-spring/index.html#In_Memory_Authentication
Attribute information: mentation%20Details/HTTP%20Headers.aspx

Access LdsAccountDetails
Through injection

    private Provider<LdsAccountDetails> ldsAccountDetails;

Through static

    LdsAccountDetails ldsAccountDetails = ((LdsAccountUser) SecurityContextHolder
            .getContext().getAuthentication().getPrincipal()).getLdsAccountDetails();

Demo

Lab 2 _-_Part_1#Lab_2

Conclusion LDS Account rocks! The Java Stack integration with LDS Account and Spring Security rocks!

Credit Where Credit is Due
security/site/docs/3.1.x/reference/springsecurity-single.html
Spring Security 3 – by Peter Mularien