The Homegrown Single Sign On (SSO) Project at UM – St. Louis


Introduction
- Kyle Collins – Principal Systems Administrator
- Kelly Crone-Willis – Expert Systems Administrator

Outline
- Problems And Goals
- Why An In-House Solution?
- Where We Started From
- SSO Version 1
- SSO Version 2
- SSO Version 3
- Key Concepts
- Conclusion

Problems and Goals
Problems:
- Multiple IDs On Varying Systems
- Non-synched Passwords
- Expanding Services
- End User Support For Multiple Accounts And Systems
Goals:
- Users Have One ID For All Systems
- Synchronize Passwords
- Improve And Simplify Support
- Flexibility To Add New Systems
***One Login***

Why An In-House Solution?
- University Environment Had Many Platforms For Computing
- Standardizing On A Single OS Not Possible
- Vendor Solutions
  - Very Expensive
  - Unreliable And Undeveloped
  - Long Term Effort

Where We Started From
- New Account System Introduced System Wide
- Oracle Meta-database
- New Systems Being Deployed Provided An Opportunity To Start SSO
- Created A New Default Password For All SSO Based Accounts

SSO Version 1
- Oracle Server Holds Account Information And Unique ID For Each User
- Individual Servers Create Accounts Based Upon Metadata
- Accounts All Created With A Standardized Default Password

SSO Version 1 (cont.)
- User Goes To SSO Web Page To Sync Passwords
- Auths To Kerberos To Verify
- Linux Server Initiates Password Change To All Servers

SSO Version 1 (cont.)
Accomplishments:
- ID And Passwords Synchronized Across Systems
- Password Complexity Enforced
Continuing Issues:
- Did Not Work For Non-HR/SIS Accounts
- No Helpdesk Tools
- Administrators Had To Fix Problems/Handle Special Cases

SSO Version 2
- Replaced Kerberos Backend With Active Directory
- Consolidated System Accounts Where It Made Sense
- Provided Tools To Helpdesk And User

SSO Version 2 (cont.)
- Presented A Central Point To Access Various Services
- Users Still Had To Login To Each Service Individually


SSO Version 2 (cont.)
Accomplishments:
- System Works For Non-HR/SIS Accounts
- Provided Helpdesk Tools To Reset Passwords And Assist Users
- Provided Users Tool To Self Reset Passwords
Continuing Issues:
- Users Still Had To Login Each Time For Each System On Campus

SSO Version 3
- Utilize A Redirection Service To Achieve A Single Login For Users
- Using Blackboard Version 6 As A Central Point To Access Services
Accomplishment: Achieved One Login*

How It Works

SSO Version 1
[Diagram labels: Client, SSL, Link, Portal Server, Email Server]

SSO Version 3
[Diagram labels: Client, SSO Server, SSL, Portal Server]

SSO Version 3 (cont.)
[Diagram labels: Client, SSO Server, SSL, Link, Portal Server, Email Server]

SSO Version 3 (cont.)
- Demonstration
  - https://mygateway.umsl.edu
  - https://sso.umsl.edu

SSO Version 3 (cont.)
Accomplishments:
- Users Login To One Point, One Time, To Access Most Services On Campus
- Can Be Leveraged For Shibboleth Like Functionality
Continuing Issues:
- Unix Shell Accounts Using NIS
- Moving To Account Activation

Key Concepts
- Single Repository For Account Information
  - This Must Be The Authority For All Accounts
- Leverage A Flexible Network Directory System For Centralizing Authentication
  - This Helps To More Easily Bring In New Systems
- Plan For Flexibility
  - Not Everything Makes Sense To Centralize
- Focus And Limit Divergence From The System

Conclusion
- The Most Difficult Tasks
  - Finding A Starting Point
  - Bringing In New Systems
  - Selling The Initial Pain
- The Most Important Objectives
  - Make The System As Flexible As Possible
  - New Systems Should Conform To The Standard
  - Management Buy In
- Questions?

Contact Information
- Kyle Collins
  - Email – collinsk@umsl.edu
- Kelly Crone-Willis
  - Email – cronek@umsl.edu
Thank you for attending!

Copyright Kyle Collins and Kelly Crone-Willis 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.