SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

1 SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005

2 Opening Slide
Session Objectives:
– Understand the Blackboard Academic Suite™ security and permissions architecture
– Review options available
Innovation
– Discover opportunities
Results/Outcomes
– Improve service to users
– Reduce support costs

3 Agenda Authorization Session Management Authentication –Configuration Options –Single Log-in –Single Sign-on Authorization Session Management Authentication User Identity Resources

4 Authorization Self Contained in Blackboard® GUI Configuration Allows the user to perform sets of actions Software driven Authorization Blackboard Database Blackboard Database User ID ??? Who are you? What do you want? Permission to see it. Permission to do it.

5 System Privileges
course.images.MODIFY
course.settings.MODIFY
course-catalog.CREATE
course-catalog.DELETE
course-catalog.MODIFY
course-catalog.settings.MODIFY
course-categories.VIEW
discussion-board.CREATE
discussion-board.DELETE
discussion-board.MODIFY
discussion-board.VIEW
email-all-instructors.EXECUTE
email-all-students.EXECUTE
email-all-users.EXECUTE
email-support.MODIFY

6 Authorization and Session Management Session Manager maintains ID Authorization requests ID Authorization Session Management Who are you? User ID

7 Blackboard Session Management Session Launch Session Cookie/Table Timeout Stateful Session Management Cookie Session ID User ID Blackboard User ID

8 Sessions Across Servers Session Affinity Cookie-based Session Cache Load Balancer App1 File Server App2 App3 Database

9 User_ID Authentication Who are you? –How do we get the user ID? Can we trust you? –How do we secure the process? Session Management

10 Basic Workflow Authorization Session Management Authentication

11 Authentication Options
Default
Single Log-in
– LDAP
Single Sign-On
– Web Server Delegation
   Windows (IIS)
   UNIX (Apache)
   Shibboleth
– Custom
Pass-Through Authentication

12 Default Blackboard Authentication
Uses a Challenge/Response Mechanism
Does not send the password over the network in “clear text” form
Does not store passwords in “clear text”
Authentication Properties = RDBMS

13 Challenge/Response Mechanism
User Requests Login Page
Server sends login page with Challenge
User Enters Credentials; Credentials are submitted with Challenge and MD5 Encrypted
Server receives credentials, uses challenge to compare the password with the MD5 password stored in the Bb database
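
The exchange on slide 13, as an added example that is not part of the presentation and not Blackboard's code. The slides do not give the exact computation, so the response formula MD5(challenge + MD5(password)), the class and function names, and the sample account are assumptions; the single-use challenge set shows why a captured response cannot be replayed.

```python
import hashlib
import hmac
import secrets

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()

def client_response(password: str, challenge: str) -> str:
    # Browser side (assumed formula): hash the password, then bind it to the challenge.
    return md5_hex(challenge + md5_hex(password))

class LoginServer:
    def __init__(self, stored_hashes):
        self.stored = dict(stored_hashes)  # user -> MD5(password), as in the database
        self.pending = set()               # challenges issued but not yet consumed

    def login_page(self) -> str:
        # A fresh random challenge is embedded in every login page.
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def verify(self, user: str, challenge: str, response: str) -> bool:
        if challenge not in self.pending:
            return False                   # unknown or already used challenge
        self.pending.discard(challenge)    # single use: blocks replay
        stored = self.stored.get(user)
        if stored is None:
            return False
        expected = md5_hex(challenge + stored)
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(expected.encode(), response.encode())

def demo():
    # Constructed sample account, for illustration only.
    server = LoginServer({"jdoe": md5_hex("correct horse")})
    c1 = server.login_page()
    good = client_response("correct horse", c1)
    results = {"valid": server.verify("jdoe", c1, good),
               "replay": server.verify("jdoe", c1, good)}
    c2 = server.login_page()
    results["wrong_password"] = server.verify("jdoe", c2, client_response("guess", c2))
    c3 = server.login_page()
    results["stale_response"] = server.verify("jdoe", c3, good)
    return results

if __name__ == "__main__":
    print(demo())
```

In this construction the stored MD5 value alone is enough to compute a valid response, so the hash column needs the same protection as plaintext passwords and the login exchange still belongs behind HTTPS.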

14 Single Log-In Application1 Application3 username & password Application2 username & password Directory Service One Username and Password pair for multiple Applications

15 Blackboard LDAP Authentication Configuration setting “plugs” Blackboard into existing infrastructure and enables Single Login Provides for multiple directories and fallback for Blackboard only users LDAP v2, but…

16 Blackboard Directory Service HTTPS LDAP(S) username & password YES or NO Directory Service LDAP Authentication Security Configuration Fallback

17 Authentication Service/Gateway Authentication Service/Gateway Directory Service Single Sign-On Application1 Application3 username & password Application2 One Username and Password submission for all applications

18 Web Server Delegation
Types
– Apache Mods
– IIS/Active Directory
– Custom
Reconcile, Create or Deny
User Registry or Batch_UID

19 Web Server Delegation Blackboard Web Server User ID Session Management Authentication Remote_User

20 Authentication Service/Gateway Authentication Service/Gateway Institutional Single Sign-On Application1 Application3 Application2 WebServer Web Initial Sign-On

21 Pass Through Authentication Application 1 Authentication Session Mngr Blackboard Handler Session Mngr User ID Application 2 Handler Session Mngr Context –/webapps/blackboard/launch_external.jsp –Context Encryption

22 Log Out
No workflow is complete without the LOG OUT procedures
Review Use Cases!!
Check sessions of all applications
Application1 Application3 Application2

23 Closing Slide
Innovating Together in ‘05:
– Authorization, Session Management, Authentication
– Authentication methods
Resources Available:
– Blackboard Authentication Manual
– Blackboard Administrators Manual
– Web Initial Sign-on (http://middleware.internet2.edu/webiso/)
Follow up Contact(s):
– Jeff Kelley, Solutions Engineer jkelley@blackboard.com
IF YOU ONLY REMEMBER 1 THING:
– Don’t forget to log out!
