
State of Connecticut Department of Information Technology

State of Connecticut Department of Information Technology. Single Sign On and The Identity Vault. Presented by Edward Wilson. Enterprise Single Sign On: User Provisioning, User Authentication, Application Authentication. What makes up SSO: Novell eDirectory 8.8, Access Manager 3.1


Presentation Transcript


  1. State of Connecticut Department of Information Technology: Single Sign On and The Identity Vault. Presented by Edward Wilson

  2. Enterprise Single Sign On
     • User Provisioning
     • User Authentication
     • Application Authentication

  3. What makes up SSO: Novell
     • eDirectory 8.8
     • Access Manager 3.1
     • Identity Manager 3.5
     • Nsure Audit 2.0
     All running on SUSE Linux 10 SP2

  4. User Provisioning

  5. State of Connecticut User Identity Vault in eDirectory

  6. How do they do That?
     • Standard Web based Access
     • User Enters a URL (Uniform Resource Locator)
     • The local DNS Server resolves the URL to an IP Address
     • The Internal network directs the session to the Web Site

  7. How do they do That?
     • Standard Web based Access
     • URL = http://www.ct.gov
     • DNS > www.ct.gov = 159.247.0.0
     • State of CT Web Site Displayed

  8. How do we do That!
     • Single Sign On Web Access Via Reverse Proxy
     • URL = http://www.ct.gov
     • DNS > www.ct.gov = 159.247.0.0
     • DNS > www.ct.gov = 159.247.X.Y
     • Access Gateway > www.ct.gov = 159.247.0.0

  9. User Authentication
     • Single Sign On Web Access

  10. Single Sign On User Authentication [Diagram; labels: Web Browser, Access Gateway, Browser Header Record, Identity Server, Domain Name Server, Web Server, Index Server, Outside Firewall]

  11. User Authentication
     The approved methodology for passing User data to the application:
     • Browser Header Injection
     The alternative method:
     • Form Fill (Off-Shelf Systems)

  12. User Authentication: Browser Header Injection
     • ----------------------------------------
     • Headers received from browser for request '163'
     • URL = /nesp/app/plogin?c=name/password/uri&%22http://csde.stag.ct.gov/%22
     • ----------------------------------------
     • User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
     • Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
     • Accept-Language: en-us,en;q=0.5
     • Accept-Encoding: gzip,deflate
     • Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
     • Keep-Alive: 300
     • Host: csde.stag.ct.gov:80
     • Connection: Keep-Alive

  13. User Authentication: Form Fill (Off-Shelf Systems) [Mock login form titled "New System Login" with Login and Password fields]

  14. Application Authentication: Application Security
     • LDAP calls to eDirectory
     • Internal to Application
     LDAP Search = WilsonED
     Groups = DMS, NDS, SFTP, SSO

  15. Application Authentication: Application Role Based Security in eDirectory DS

  16. In the Future
     • Content Management
     • Self Service
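
The header-injection hand-off from slides 11 and 12, shown from both sides as an added example; it is not code from the presentation or from Novell Access Manager. The header names `X-SSO-User` and `X-SSO-Groups`, the gateway address `192.0.2.10`, and both function names are assumptions chosen for illustration; the user and group values are the ones on slide 14.

```python
import ipaddress

# Assumptions, not from the slides: identity header names and gateway address.
IDENTITY_HEADERS = ("x-sso-user", "x-sso-groups")
TRUSTED_GATEWAYS = [ipaddress.ip_network("192.0.2.10/32")]  # constructed placeholder


def gateway_inject(client_headers, user, groups):
    """Access Gateway side: discard any identity headers the browser sent,
    then add the values established by the Identity Server login."""
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() not in IDENTITY_HEADERS}
    forwarded["X-SSO-User"] = user
    forwarded["X-SSO-Groups"] = ",".join(groups)
    return forwarded


def backend_identity(peer_ip, headers):
    """Web server side: accept injected identity only when the TCP peer is
    the gateway. Returns (user, groups), or None if the request is untrusted."""
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_GATEWAYS):
        return None  # connection did not come through the reverse proxy
    lowered = {k.lower(): v for k, v in headers.items()}
    user = lowered.get("x-sso-user", "").strip()
    if not user:
        return None  # gateway forwarded a request with no authenticated user
    raw = lowered.get("x-sso-groups", "")
    groups = [g.strip() for g in raw.split(",") if g.strip()]
    return user, groups


if __name__ == "__main__":
    # Constructed browser request: slide 12's Host header plus a
    # client-supplied identity header that the gateway must not forward.
    browser = {"Host": "csde.stag.ct.gov:80", "x-sso-user": "someone-else"}
    fwd = gateway_inject(browser, "WilsonED", ["DMS", "NDS", "SFTP", "SSO"])
    print(backend_identity("192.0.2.10", fwd))    # via the gateway
    print(backend_identity("198.51.100.7", fwd))  # direct to the web server
```

The backend check only holds if the web server is reachable solely through the Access Gateway, which is what the DNS change on slide 8 and the firewall on slide 10 are there to enforce.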
