1 / 19

Project Overview

Project Overview. Single Sign On Solution Robin Lilly. Description of Single Sign On. Single sign will allow user to sign on to UTEP’s system one time and be logged into all the diverse systems from that one session. Exchange Mail DotNetNuke Portals CA’s CleverPath GoldMine.

Download Presentation

Project Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Project Overview Single Sign On Solution Robin Lilly

  2. Description of Single Sign On • Single sign will allow user to sign on to UTEP’s system one time and be logged into all the diverse systems from that one session. • Exchange Mail • DotNetNuke Portals • CA’s CleverPath • GoldMine

  3. Single Sign On Goals • Feasible • Scalable • Secure • Within budget • Immediate solution • Meets future needs • Independent of 3rd party systems

  4. Some Problems Encountered • Dependence on CleverPath • Password to use in other systems was stored in CleverPath • Retrieval of Password will never be successful based on current API • Request & Response objects • CleverPath XML API problems • No API to keep session alive when not in CleverPath • No successful creation of CleverPath Session without redirecting to CleverPath • No API ability to kill CleverPath session • Session Info is stored in CleverPath

  5. Solution • Store’s session/password information • Pass request & response objects • Build independent solution

  6. Look at some uses of Single Sign On • Sign On to System • Check if I’m signed on

  7. Sign On Users UI - User Login Validation Other System CleverPathAPI Active Directory iPlanet Create Session Info (SessionID, Encrypted Password, Salt) Session Data (Session, Password, UserName) Session Cookie (Session & Salt)

  8. DNN Check if I’m Signed On Session Cookie (Session & Salt) Various UTEP Sites Various UTEP Sites Validation Session Status Other System CleverPathAPI Active Directory iPlanet Is Session Active in Database Is Session Active in Clever Path Is Session Active in GoldMine Create Session Info (SessionID, Encrypted Password, Salt) Goldmine Goldmine Clever Path Gold Mine It site It site Session Data (Session, Password, & UserName) Session Cookie (Session & Salt) CleverPath CleverPath

  9. Classes • Talk about supporting classes • Registry • MyRegistry • Rijndael • SessionInfo See Page 2 of SingleSignOn Document

  10. Users Session Classes • UsersDB class wraps the UserSessionInfo table • UserCredentials class is passed the Session & Salt at instantiation • It then makes a call to GetUserSession • It then decrypts the password with a call to Rijndael

  11. UserAttributes Class • UserAttributesInit() • Get Session Info from the cookie (SSO Class) • Gets UserCredentials from Database • GetUserAttributes() • Call iPlanet XML for attributes See Page 3 of SingleSignOn Document

  12. Single Sign On Class • Constructors • IsActiveSession() • Get Cookie Info • Check Database if Session is valid • Check other systems active See Page 4-6 of SingleSignOn Document

  13. Single Sign On Class (cont.) • LogIn(UserID,Password), • Remove Old Session & Cookies • Generate Salt • AuthenticateUser(UserID, Password) • Call CleverPath XML API to Create Session • Store Session in Cookie and Database See Page 7-8 of SingleSignOn Document

  14. Single Sign On Class (cont.) • LogOut() • Calls RemoveSession() • Calls RemoveCleverPathCookie() • RemoveSession() • Removes Cookie & Database Entry • RemoveCleverPathCookie() • Removes CleverPath Cookie See Page 9 of SingleSignOn Document

  15. Single Sign On Class (cont.) • GetSessionInfo() • Get Session Cookie • Put SessionId and Salt into SessionInfo See Page 10 of SingleSignOn Document

  16. Single Sign On Class (cont.) • SetSessionCookie(SessionID,Salt) • Writes an in memory cookie with SessionID and Salt Out • SetCleverPathSessionStillActive(SessionID) • Changes CleverPath Cookie to still be active See Page 11-12 of SingleSignOn Document

  17. Single Sign On Class (cont.) • GetSignOnURL(RedirectPage) • Returns the URL of the signon page with the return page as the page passed in See Page 13 of SingleSignOn Document

  18. Things CA should do • Changes to CleverPath API or do our own fix • Is Session Active • Remove Session • Keep Session Active • Fix CleverPath to go to Logout Screen • Fix CleverPath to go to Logon Screen

  19. Conclusion • No significant under site on design • Control with UTEP not CA • Can grow with UTEP • Probably have some new classes: • CASystem Class • GoldMineSystem Class • …

More Related