Single Sign-On Led by Terrice McClain, Jen Paulin, & Leighton Wingerd

1 Single Sign-On
Adirondack Solutions Users Group 2017
Led by Terrice McClain, Jen Paulin, & Leighton Wingerd
Monday 1:00PM – 2:00PM

2 Agenda
- What is Single Sign-On?
- Why Single Sign-On?
- Which SSO Options are Supported?
- How It Works
- Basic “How-To”
  - Hosted Clients
  - On-Premise Clients

3 What is Single Sign-On
Single sign-on is a user/session authentication process that permits a user to enter one username and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

4 Why Single Sign-On
- SSO provides better security
  - Centralized enforcement of password policy
  - Centralized lockout
  - One password to remember
- Improve user experience
  - Same login page across all web applications that use SSO
  - Login once, access many applications
- Reduce operational cost
  - Ease burden on developers

5 Which SSO Options are Supported?
Adirondack Solutions supports other authentication methods as well, including:
- CAS Pass-through (for self-service products, only)
- Banner Self-Service Integration (for self-service products, only)
- Ellucian Ethos Identity Management
Active Directory LDAP SAML ADFS Shibboleth CAS Pass-through Custom Banner Self-Service

6 Caveats (SAML Authentication)
- Assumes the Identity Provider (IdP) and Service Provider (SP) are already installed and operational
- Uses primarily Shibboleth terminology
- Authentication versus authorization

7 How To: Hosted Clients (SAML Authentication)
- Submit an eSupport request to initiate the process
- Information needed for setup:
  - IdP URL
  - Metadata
  - Attribute that contains the username
- ASI staff complete the configuration and provide the metadata URL
- ASI and client staff coordinate testing for each environment and application involved

8 How It Works (SAML Authentication)
- The web site is placed under the Shibboleth/ADFS umbrella
- If credentials are not present on a page request, the browser is redirected to the SSO login page
- On successful authentication, the browser is redirected to the original page request with credentials
- The requested page must detect the proper user attribute and determine authorization accordingly

9 Caveats (CAS Authentication)
- If required, the service URL must be allowed on the CAS server, and the IP address of the application server must be allowed to send requests for authentication
- The process is designed to work with CAS version 2.0 and 3.0

10 How It Works (CAS Authentication)
- The web site has to be configured to authenticate with the CAS server
- If credentials are not present on a page request, the browser is redirected to the SSO login page
- On successful authentication, the browser is redirected to the original page request with credentials
- The requested page must detect the proper user attribute and determine authorization accordingly
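
The CAS round trip described on this slide, as an added example (not Adirondack Solutions' code): it builds the login redirect, reads a CAS 2.0 `serviceValidate` response, and keeps the authorization decision separate from authentication. The host names, the sample responses and the `permissions` table are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by CAS 2.0/3.0

# Constructed sample responses, shaped like CAS 2.0 serviceValidate output.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def login_redirect(cas_base, service_url):
    """URL the browser is sent to when the page request carries no credentials."""
    return f"{cas_base}/login?{urlencode({'service': service_url})}"


def validate_url(cas_base, service_url, ticket):
    """Back-channel URL the application server calls to check the ticket."""
    query = urlencode({"service": service_url, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"


def user_from_response(xml_text):
    """Return the username on authenticationSuccess, otherwise None (fail closed)."""
    if "<!DOCTYPE" in xml_text:          # a CAS response never needs a DTD
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{http://www.yale.edu/tp/cas}serviceResponse":
        return None
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    return user or None


def authorize(user, permissions, application):
    """Authentication says who the user is; this decides what they may open."""
    return user is not None and application in permissions.get(user, set())
```
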

11 How To: Hosted Clients (CAS Authentication)
- Submit an eSupport request to initiate the process
- Information needed for setup:
  - CAS server URL
  - Attribute that contains the username
- ASI staff complete the configuration and provide the CAS service URL
- ASI and client staff coordinate testing for each environment and application involved

12 Caveats (Pass-through Authentication)
- Sometimes requires custom coding
- Requires familiarity with tools such as WebAdvisor, SharePoint or Web Tailor

13 How It Works (Pass-through Authentication)
- A link or button to THD Self-Service is configured in the web portal
- Token information such as time, key and student number is hashed and passed to THD Self-Service
- THD Self-Service confirms that the hash is valid and that it is within the allotted time limit
- URL or hidden variables are passed through to allow access
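
The check described on this slide, as an added example that is not Adirondack Solutions' or THD Self-Service's code. It uses HMAC-SHA256 in place of the unspecified hash; the parameter names (`id`, `ts`, `token`), the 300-second limit, the 30-second clock-skew allowance and the replay cache are assumptions.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 300      # assumed time limit; the slides give no value
CLOCK_SKEW_SECONDS = 30    # assumed tolerance for portal/server clock drift


def make_token(shared_key, student_number, issued_at):
    """Portal side: bind the student number and issue time to the shared key."""
    message = f"{student_number}|{issued_at}".encode()
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def verify_token(shared_key, params, now=None, seen=None):
    """Self-service side: accept only a fresh, untampered, unused token.

    params holds the URL or hidden variables passed through by the portal
    (hypothetical names: id, ts, token). seen is an optional set used as a
    replay cache so a captured link cannot be reused inside the time window.
    """
    try:
        student_number = params["id"]
        issued_at = int(params["ts"])
        token = params["token"]
    except (KeyError, ValueError, TypeError):
        return False

    now = int(time.time()) if now is None else now
    age = now - issued_at
    if age < -CLOCK_SKEW_SECONDS or age > MAX_AGE_SECONDS:
        return False  # future-dated or older than the allotted time

    # Recompute from the received fields, so changing id or ts breaks the match.
    expected = make_token(shared_key, student_number, issued_at)
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False  # constant-time comparison avoids a timing side channel

    if seen is not None:
        if token in seen:
            return False
        seen.add(token)
    return True
```
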

14 How To: Hosted Clients (Pass-through Authentication)
- Submit an eSupport request to initiate the process
- Information needed for setup:
  - Identify web-portal system
  - Agree on shared variables and key
  - Attribute that contains the username
- ASI staff complete the configuration and provide the metadata URL
- ASI and client staff coordinate testing for each environment and application involved

15 How To: On-Premise Clients
- Edit Index.cfm to check CGI attributes
- Create supplemental authorization script
- Create SSO user in database
- Create startup HTML file
- Edit DataSourceName.cfm to use the supplemental authorization script
- Place web site under Shibboleth/ADFS umbrella

16 Contact Information
Thank you for participating! Should you have any questions regarding this presentation, please use the contact information below:
- Terrice McClain, x 212
- Jen Paulin, x 215
- Leighton Wingerd, x 211

